Nessus Report

Report generated by Nessus™

ExternalScan

Thu, 26 Oct 2023 13:01:55 CDT

TABLE OF CONTENTS
Vulnerabilities by HostExpand All | Collapse All
173.12.226.89
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 22:19:50 2023
End time: Wed Oct 25 22:57:14 2023
Host Information
DNS Name: 173-12-226-89-memphis.hfc.comcastbusiness.net
IP: 173.12.226.89
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


173.12.226.89 resolves as 173-12-226-89-memphis.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 50.606 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 22:20 CDT
Scan duration : 2234 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 173.12.226.89 :
192.168.100.162
192.168.100.1
173.12.226.89

Hop Count: 2
173.12.226.90
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 22:21:43 2023
End time: Wed Oct 25 22:59:07 2023
Host Information
DNS Name: 173-12-226-90-memphis.hfc.comcastbusiness.net
IP: 173.12.226.90
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


173.12.226.90 resolves as 173-12-226-90-memphis.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.326 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 22:21 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 173.12.226.90 :
192.168.100.162
192.168.100.1
173.12.226.90

Hop Count: 2
173.12.226.91
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 22:57:14 2023
End time: Wed Oct 25 23:34:38 2023
Host Information
DNS Name: 173-12-226-91-memphis.hfc.comcastbusiness.net
IP: 173.12.226.91
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


173.12.226.91 resolves as 173-12-226-91-memphis.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.722 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 22:57 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 173.12.226.91 :
192.168.100.162
192.168.100.1
173.12.226.91

Hop Count: 2
173.12.226.92
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 22:59:07 2023
End time: Wed Oct 25 23:36:39 2023
Host Information
DNS Name: 173-12-226-92-memphis.hfc.comcastbusiness.net
IP: 173.12.226.92
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


173.12.226.92 resolves as 173-12-226-92-memphis.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.518 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 22:59 CDT
Scan duration : 2239 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 173.12.226.92 :
192.168.100.162
192.168.100.1
173.12.226.92

Hop Count: 2
173.12.226.93
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 23:34:38 2023
End time: Thu Oct 26 00:12:02 2023
Host Information
DNS Name: 173-12-226-93-memphis.hfc.comcastbusiness.net
IP: 173.12.226.93
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


173.12.226.93 resolves as 173-12-226-93-memphis.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.359 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 23:34 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 173.12.226.93 :
192.168.100.162
192.168.100.1
173.12.226.93

Hop Count: 2
173.12.226.94
0
1
1
0
10
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 23:36:39 2023
End time: Thu Oct 26 00:14:38 2023
Host Information
DNS Name: 173-12-226-94-memphis.hfc.comcastbusiness.net
IP: 173.12.226.94
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


173.12.226.94 resolves as 173-12-226-94-memphis.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/555

Port 555/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 62.859 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 23:36 CDT
Scan duration : 2270 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 173.12.226.94 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.240.102
68.86.240.206
96.110.133.106
173.12.226.94

Hop Count: 9
173.14.192.65
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 00:12:02 2023
End time: Thu Oct 26 00:49:33 2023
Host Information
DNS Name: 173-14-192-65-BusName-tupelo.hfc.comcastbusiness.net
IP: 173.14.192.65
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


173.14.192.65 resolves as 173-14-192-65-BusName-tupelo.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.942 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 0:12 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 173.14.192.65 :
192.168.100.162
192.168.100.1
173.14.192.65

Hop Count: 2
173.14.192.66
0
1
1
0
10
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 00:14:38 2023
End time: Thu Oct 26 00:52:30 2023
Host Information
DNS Name: 173-14-192-66-BusName-tupelo.hfc.comcastbusiness.net
IP: 173.14.192.66
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


173.14.192.66 resolves as 173-14-192-66-BusName-tupelo.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/555

Port 555/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 69.516 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 0:14 CDT
Scan duration : 2262 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 173.14.192.66 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.85.203.10
96.108.30.22
96.108.88.166
173.14.192.66

Hop Count: 9
216.37.68.97
0
1
1
0
10
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 00:49:33 2023
End time: Thu Oct 26 01:05:48 2023
Host Information
DNS Name: net-216-37-68-97.in-addr.worldspice.net
IP: 216.37.68.97
OS: Linux Kernel 2.6
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel -> Linux Kernel

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 65
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.97 resolves as net-216-37-68-97.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 64.797 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 0:49 CDT
Scan duration : 974 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Linux Kernel 2.6
Confidence level : 65
Method : SinFP


The remote host is running Linux Kernel 2.6
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.97 :
192.168.100.162
192.168.100.1
216.37.68.97

Hop Count: 2
216.37.68.98
0
1
3
0
28
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 00:52:30 2023
End time: Thu Oct 26 01:29:44 2023
Host Information
DNS Name: net-216-37-68-98.in-addr.worldspice.net
IP: 216.37.68.98
OS: FortiOS on Fortinet FortiGate
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/443/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : O=Fortinet Ltd./CN=FortiGate

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE's :

cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : firewall
Confidence level : 100

17367 - Fortinet FortiGate Web Console Management Detection
-
Synopsis
A firewall management console is running on the remote host.
Description
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.

Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
See Also
Solution
Filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2005/03/18, Modified: 2023/07/18
Plugin Output

tcp/443/www


The following instance of FortiOS Web Interface was detected on the remote host :

Version : >= 5.4
URL : https://net-216-37-68-98.in-addr.worldspice.net/

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.98 resolves as net-216-37-68-98.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Encoding: gzip
Content-Type: text/html
ETag: 3d9d521f61a853f8ef09c629fd5d0485
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Thu, 26 Oct 2023 06:12:05 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Response Body :

.‹.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/1723/pptp

Port 1723/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 74.240 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 0:52 CDT
Scan duration : 2225 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML


The remote host is running FortiOS on Fortinet FortiGate

10622 - PPTP Detection
-
Synopsis
A VPN server is listening on the remote port.
Description
The remote host is running a PPTP (Point-to-Point Tunneling Protocol) server. It allows users to set up a tunnel between their host and the network the remote host is attached to.
Solution
Make sure use of this software is in agreement with your organization's security policy.
Risk Factor
None
References
XREF IAVT:0001-T-0900
Plugin Information
Published: 2001/02/28, Modified: 2020/09/22
Plugin Output

tcp/1723/pptp


It was possible to extract the following information from the remote PPTP server :

Firmware Version : 1
Vendor Name : Fortinet pptp
Host name : fortinet-pptp

31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 53 (1 hops away)

The operating system was identified as :

Nutanix

+ On the following port(s) :
- 443 (15 hops away)
- 1723 (15 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

net-216-37-68-98.in-addr.worldspice.net

The Common Name in the certificate is :

fortigate
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Issuer Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Serial Number: 26 27 A5 C3 2A 13 DC CE

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CF 53 4F A6 DF 62 53 67 31 C7 B8 39 F3 3C C5 9A 07 D1 EC
23 56 00 17 3E 9C 6C 7B BD 98 1C 1E 4C 96 E8 BD F9 B6 52 59
64 C0 15 E7 4C 6D E7 28 E5 2D 23 68 B8 7F D8 C1 55 11 1D E0
33 AD 71 FB BB 5D 7D 5E C6 D6 44 B3 94 99 17 53 89 61 B8 ED
01 21 FA C8 43 24 46 CC FB 84 3D 88 FB 4C 42 39 DF 6A 28 B5
B5 38 A5 52 8E 11 2D A7 9B 8C 77 DB 8B 5E 17 08 6D 90 59 05
EE 2A 4E 19 AC 16 51 F3 3B 76 27 43 E6 71 1F A2 B5 DB DF 5F
14 31 A0 67 C6 06 D4 00 93 1F C3 0C F8 23 B3 42 5E 1A D7 26
36 2A 81 83 C1 9D 87 B1 DF 1A A9 84 B5 B1 D9 D3 B0 88 7B 10
70 61 92 02 BF 68 15 C1 02 8B 95 56 3F 53 8C 68 66 AC 54 4B
83 70 32 9A AC B2 34 E7 09 C3 0E B0 C8 DD 21 13 15 C1 70 AC
97 87 CB 27 E8 F5 6E 2C 6B C4 91 D6 FA 4A F1 D8 14 A6 10 73
7D C6 A9 A4 60 A1 BE C5 7C 05 F1 C9 F2 81 8B 4A FD
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 AF D1 9C 0D 11 FE B7 B0 EE 08 F5 EC 46 B0 B2 5F 01 69 86
9F 41 5B F7 11 34 C0 B4 82 09 85 00 B6 8C 0F 6B D8 46 8A A7
9E 35 F6 34 F2 0A 7C D6 E3 45 66 95 6A 38 DA 02 41 0E 7A 09
D7 12 91 5B 1F 88 F1 BF 1C 5C 0B EA 3B D1 FE 37 34 30 C5 6E
10 8A A8 42 EA E8 DA C0 92 DC 04 E7 CE 38 A1 89 FE 5C 6C AC
94 62 21 AD 90 3B 34 55 8D F5 28 C7 17 EE 59 C9 D4 1D 8A 0A
24 26 98 A1 A3 D1 62 C2 15 95 B6 69 B4 FD D1 CB BC 40 64 89
D4 9B 3D A0 D7 EA AC 76 D6 21 3A 40 83 6A 8A 47 F5 24 F1 04
BB B0 EF 4B E0 9F 87 E0 AA B0 CF DD 33 CF 2A 9F E1 04 12 FD
CC 2A 8B 9C 93 88 13 65 F1 C3 C6 36 E3 D9 BF 3A B6 70 61 4D
E0 19 13 5D E7 0D EB CE 4F E6 F0 CA 89 40 66 B6 B5 C7 88 3A
80 40 60 41 D0 1A B0 21 71 3E 50 7F 0D 3E 58 B4 87 C8 5B 71
26 B7 81 2C 5F 2E 39 34 2C 1F 39 58 D1 7D E2 43 49

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Fingerprints :

SHA-256 Fingerprint: 90 F3 BC 37 37 55 AA 0A F8 89 FE C3 29 BD 4C 46 7C 11 93 A8
6B 3A C1 AF B4 28 58 BC F8 47 BA 23
SHA-1 Fingerprint: A6 20 38 B0 B8 48 F8 23 2F 7A 63 65 93 A1 7F 49 5E 9B 79 E9
MD5 Fingerprint: 02 6C C4 90 F5 95 C5 26 CD 63 59 84 27 58 61 80


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIC5zCCAc+gAwIBAgIIJielwyoT3M4wDQYJKoZIhvcNAQELBQAwLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMB4XDTIwMDgxNjE1MzQxOVoXDTMwMDgxNzE1MzQxOVowLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1NPpt9iU2cxx7g58zzFmgfR7CNWABc+nGx7vZgcHkyW6L35tlJZZMAV50xt5yjlLSNouH/YwVURHeAzrXH7u119XsbWRLOUmRdTiWG47QEh+shDJEbM+4Q9iPtMQjnfaii1tTilUo4RLaebjHfbi14XCG2QWQXuKk4ZrBZR8zt2J0PmcR+itdvfXxQxoGfGBtQAkx/DDPgjs0JeGtcmNiqBg8Gdh7HfGqmEtbHZ07CIexBwYZICv2gVwQKLlVY/U4xoZqxUS4NwMpqssjTnCcMOsMjdIRMVwXCsl4fLJ+j1bixrxJHW+krx2BSmEHN9xqmkYKG+xXwF8cnygYtK/QIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCv0ZwNEf63sO4I9exGsLJfAWmGn0Fb9xE0wLSCCYUAtowPa9hGiqeeNfY08gp81uNFZpVqONoCQQ56CdcSkVsfiPG/HFwL6jvR/jc0MMVuEIqoQuro2sCS3ATnzjihif5cbKyUYiGtkDs0VY31KMcX7lnJ1B2KCiQmmKGj0WLCFZW2abT90cu8QGSJ1Js9oNfqrHbWITpAg2qKR/Uk8QS7sO9L4J+H4Kqwz90zzyqf4QQS/cwqi5yTiBNl8cPGNuPZvzq2cGFN4BkTXecN685P5vDKiUBmtrXHiDqAQGBB0BqwIXE+UH8NPli0h8hbcSa3gSxfLjk0LB85WNF94kNJ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/443/www


The STS header line is :

Strict-Transport-Security: max-age=15552000

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.98 :
192.168.100.162
192.168.100.1
216.37.68.98

Hop Count: 2

100669 - Web Application Cookies Are Expired
-
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.

If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Published: 2017/06/07, Modified: 2021/12/20
Plugin Output

tcp/443/www


The following cookies are expired :

Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :
216.37.68.99
0
1
3
0
33
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 01:05:48 2023
End time: Thu Oct 26 01:52:56 2023
Host Information
DNS Name: net-216-37-68-99.in-addr.worldspice.net
IP: 216.37.68.99
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.

88098 - Apache Server ETag Header Information Disclosure
-
Synopsis
The remote web server is affected by an information disclosure vulnerability.
Description
The remote web server is affected by an information disclosure vulnerability due to the ETag header providing sensitive information that could aid an attacker, such as the inode number of requested files.
See Also
Solution
Modify the HTTP ETag header of the web server to not include file inodes in the ETag header calculation. Refer to the linked Apache documentation for more information.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 6939
CVE CVE-2003-1418
XREF CWE:200
Plugin Information
Published: 2016/01/22, Modified: 2020/04/27
Plugin Output

tcp/80/www


Nessus was able to determine that the Apache Server listening on
port 80 leaks the servers inode numbers in the ETag HTTP
Header field :

Source : ETag: "422be-d39-5d5e1b6df5200"
Inode number : 271038
File size : 3385 bytes
File modification time : Jan. 18, 2022 at 21:11:36 GMT

10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=*.m.reyrey.net
|-Issuer : C=US/O=Let's Encrypt/CN=R3

48204 - Apache HTTP Server Version
-
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/80/www


URL : http://net-216-37-68-99.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0

48204 - Apache HTTP Server Version
-
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/443/www


URL : https://net-216-37-68-99.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


Following application CPE matched on the remote system :

cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/443/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/80/www

The remote web server type is :

Apache

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/443/www

The remote web server type is :

Apache

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.99 resolves as net-216-37-68-99.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 403 Forbidden

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 06:27:43 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 21:11:36 GMT
ETag: "422be-d39-5d5e1b6df5200"
Accept-Ranges: bytes
Content-Length: 3385
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html

Response Body :

<html>
<head>
<title>Error 403</title>
<style>
body {
background-color: #73767c;
font-family: Times, serif;
font-size: 18px;
}
.container {
width: 640px;
margin: auto;
padding: 0 10px 20px;
background: #fff;
text-align: center;
overflow: hidden;
border-radius: 5px;
box-shadow: 0px 10px 15px #59595b;
}
div.reylogo {
width: 200px;
height: 200px;
margin: 0px auto;
background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAMAAACahl6sAAAABGdBTUEAAOD8YVAtlgAAAu1pQ0NQSUNDIFByb2ZpbGUAADjLY2BgnuDo4uTKJMDAUFBUUuQe5BgZERmlwH6egY2BmQEMEpOLCxwDAnxA7Lz8vFQGVMDIwPDtGohkYLisCzKLgTTAmgy0GEgfAGKjlNTiZCD9BYjTy0sKgOKMMUC2SFI2mF0AYmeHBDkD2S0MDEw8JakVIL0MzvkFlUWZ6RklCoaWlpYKjin5SakKwZXFJam5xQqeecn5RQX5RYklqSlAtVA7QIDXJb9EwT0xM0/ByECVgcoAFI4QFiJ8EGIIkFxaVAYPSgYGAQYFBgMGB4YAhkSGeoYFDEcZ3jCKM7owljKuYLzHJMYUxDSB6QKzMHMk80LmNyyWLB0st1j1WFtZ77FZsk1j+8Yezr6bQ4mji+MLZyLnBS5Hri3cmtwLeKR4pvIK8U7iE+abxi/Dv1hAR2CHoKvgFaFUoR/CvSIqIntFw0W/iE0SNxK/IlEhKSd5TCpfWlr6hEyZrLrsLbk+eRf5PwpbFQuV9JTeKq9VKVA1Uf2pdlC9SyNUU0nzg9YB7Uk6qbpWeoJ6r/SPGCwwrDWKMbY1kTdlNn1pdsF8p8USywlWdda5NnG2gXau9tYOxo46TmrOSi4KrvJuCu7KHuqeul4m3jY+7r7Bfgn++QH1gRODlgbvCrkY+jKcKUIu0ioqIroiZmbsnrgHCWyJuklhyQ0pa1JvpnNkWGRmZs3NvpjLnmefX1GwqfBdsXZJVumqsjcV+pUlVbtqGGu96qbWP2zUa6ppPtsq11bYfrRTuquo+3Sval9j/92JNpNmT/47NX7a4RkaM/tnfZ+TMPf0fPMFSxeJLG5d8m1Z5vJ7K0NWnV7jsnbfessN2zaZbN6y1WTb9h1WO/fvdt1zdl/Y/gcHcw79PNJ+TPz4ipPWp86dST776/yki9qXjl5JvPrv+pybNrfu3qm/p3z/xMO8x2JP9j/LfCHy8uDr/Lfy7y58aPpk+vnV1wXfw38K/Dr1p/Wf4///AA0ADzTvzc3MAAAABlBMVEUATnsAAAD+mnh6AAAAAnRSTlP/AOW3MEoAAAAJcEhZcwAALiIAAC4iAari3ZIAAALeSURBVHhe7dXRcuIwEETR8P8/vZK53mygKIi3NWqp+rwEjDOeW0GVr9smEuImIW4S4iYhbhLiJiFuEuImIW4S4iYhbhLiJiGvfIkx9q1+I79i6r7nW+0+fsEVi77z8Z/uQzxdiMHvqEOmnpEtJMRNQn6HkyvAwCc1ISwhwchH7To3rILFH/Xr3LGI+95PXl0XYwkBBj4pChkvIW4Scg0nVoGJp9oQdtBgJtpbri+HAuwUUokdJBiJ4pBxEuImIddxViUY2dSHsIIIQ48QLq2JjL1CirGBCENnhAySEDcJ+Q+cUw1mzghhA5VzqnxwtQ1DqrGAyjmVn6VYQYGJk0JGSIibCSF8uzWYOSOEDVSY2kO4sqoNQ4rxfBWm5rDbSYib8hC+2xKMPBSHsIEKU7v2motLoqLZKaQSz1dhalccoi1h5qE6ZJiEuEnIb3E+RRj6j3aJz9bC+t92CinB82UY+60qpOKM7CEhbhLyHudShamvtM+50R0Lv7JTyCA8X4axr4wLGf4v8KeBIbUS4iYhn+O0ijD0Sf+AWxZx3/tJu84Nq2DxRy//VDI8X4axj8aHFJ6RLSTETUIu4LiKMPRUF8LzZRh7au/5YDkUoL/lg8Xc9//r8f1IbCDC0FNlyFAJcZOQazioIgw91IawgApTD+0NV1dERNdfc3VB94bDjz/PcDxfhamH2pCBEuImIRdxTEUY2hWHsIAMY5v2kmtLoqLZKaQSz1dhalccMk5C3CTkKo6pBjO76hA2UGFq015ybUlUNDuFlGIBFaY21SHDJMRNQi7jmGowsykPYQMVph4hXFoTGXuF1GIBFaZOCJGWMLKrDxkkIW5mhPAF12DmjBA2UDmnygeX2y+kGs9XOafysxIbaDBzSsgQCXEzL4TvuMIx7hhajxVUjhBeL22vkClYQGVeiLakz7uPXV9C3CTETULcJMRNQtwkxE1C3CTETULcJMRNQtwkxMvt9gdiX3KCo5HNSAAAAABJRU5ErkJggg==);
}
div.errcode {
font-size: 4em;
font-weight: 900;
}
div.errdesc {
margin-bottom: 0.5em;
font-size: 2em;
font-weight: 700;
}
div.details {
font-size: 18px;
}
</style>
</head>
<body >
<div class="container">
<div class="reylogo"></div>
<div class="errcode">403</div>
<div class="errdesc">Forbidden</div>
<div class="details">
You do not have permission to access this resource.<br/>
Contact <a href="https://www.reyrey.com/support/">Reynolds and Reynolds Support</a> for assistance.
</div>
</div>
</body>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 200

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 06:27:44 GMT
Server: Apache
Content-Length: 3781
Vary: Accept-Encoding
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html

Response Body :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/shtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reynolds&nbsp;Integrated&nbsp;Telephone&nbsp;System</title>
<link rel="stylesheet" type="text/css" href="/pbxadcon?File=pbxadconmain.css&Type=text/css" />
<link rel="stylesheet" type="text/css" href="/pbxadcon?File=pbxadconcontent.css&Type=text/css" />
<link rel="stylesheet" type="text/css" href="/pbxadcon?File=pbxadconcontentlayout.css&Type=text/css" />
<script type="text/javascript" src="/pbxadcon?File=pbxadconinterface.js&Type=text/javascript"></script>

</head>

<body>
<form id="RitsIfForm" action="" method="post">
<input type="hidden" id="PageId" name="PageId" value="Login" />
<input type="hidden" id="PbxAdConAction" name="PbxAdConAction" value="LOGON" />


<!-- Title Bar - Image/RITS Logo -->
<div class="RitsTitleBarFullPage">
<div class="RitsTitleBarHeader">
<img src="/pbxadcon?File=phone.jpg&Type=image/JPEG" alt="" style="object-fit: cover;" width="100%" height="100%"/>
<div class="RitsTitleBarText">
<label class="front">Reynolds&nbsp;Integrated&nbsp;Telephone&nbsp;System</label>
</div>
</div>
</div>

<table width="100%">
<tr>
<td align="center">
<div class="ContentDiv">
<div class="BlueGradientBG" style="width:600px">
<div class="PageContent">
<div class="PageTitle">Log On</div>
<table class="PageTable">
<tr>
<td class="TableLabel">
Username:
</td>
<td class="TableData">
<input id="AdConUser" name="AdConUser" size="20" maxlength="20"/>
<script type="text/javascript" language="javascript">SetLoginFocus();</script>
</td>
</tr>
<tr>
<td class="TableLabel">
Password:
</td>
<td class="TableData">
<input type="password" id="AdConPass" name="AdConPass" />
</td>
</tr>
<tr>
<td colspan="2" class="DisplayButtons">
<input type="submit" value=" Log On " />
</td>
</tr>
</table>
</div>
</div>
</div>
</td>
</tr>
<tr align="center">
<td>
<br />
<span id="MsgBox"></span>
<div class="disclaimer">
This software is a valuable proprietary trade secret which is the property of The Reynolds and Reynolds Company, <span class="italics">original copyright 2010 to present</span>.<br /><br />
A condition of the license of this software is that the licensed user and all of the licensed user's employees (collectively, the "End User") shall maintain this software and all of its functions in confidence from all outside third parties.<br /><br />
Any access to this software by electronic means or otherwise by anyone who is not a dealership employee constitutes a breach of the license agreement. By signing on to the system, End User acknowledges compliance with this agreement.
</div>
</td>
</tr>
</table>
</form>
</body>
</html>

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 43.540 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 1:05 CDT
Scan duration : 2818 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

net-216-37-68-99.in-addr.worldspice.net

The Common Name in the certificate is :

*.m.reyrey.net

The Subject Alternate Name in the certificate is :

*.m.reyrey.net
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/443/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/443/www


The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :

Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Common Name: *.m.reyrey.net

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26


Fingerprints :

SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.99 :
192.168.100.162

An error was detected along the way.

An error was detected along the way.

An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.121
96.110.34.106
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.99

Hop Count: 16

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/443/www


The following string will be used :
TYPE="password"
216.37.68.100
0
1
1
0
8
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 01:29:44 2023
End time: Thu Oct 26 02:06:43 2023
Host Information
IP: 216.37.68.100
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.626 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 1:29 CDT
Scan duration : 2205 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.100 :
192.168.100.162
192.168.100.1
216.37.68.100

Hop Count: 2
216.37.68.101
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 01:52:56 2023
End time: Thu Oct 26 02:30:20 2023
Host Information
DNS Name: net-216-37-68-101.in-addr.worldspice.net
IP: 216.37.68.101
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.101 resolves as net-216-37-68-101.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.411 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 1:53 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.101 :
192.168.100.162
192.168.100.1
216.37.68.101

Hop Count: 2
216.37.68.102
0
4
8
1
65
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 02:06:43 2023
End time: Thu Oct 26 03:48:47 2023
Host Information
DNS Name: net-216-37-68-102.in-addr.worldspice.net
IP: 216.37.68.102
OS: Microsoft Windows 10
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.

77026 - Microsoft Exchange Client Access Server Information Disclosure
-
Synopsis
The remote mail server is affected by an information disclosure vulnerability.
Description
The Microsoft Exchange Client Access Server (CAS) is affected by an information disclosure vulnerability. A remote, unauthenticated attacker can exploit this vulnerability to learn the server's internal IP address.
An attacker can send a crafted GET request to the Web Server with an empty host header that would expose internal IP Addresses of the underlying system in the header response.
See Also
Solution
Only attack two (Reverse Proxy / Gateway) is fixed in current versions. Apply the latest supplied vendor patches.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:U/RL:U/RC:ND)
References
BID 69018
Plugin Information
Published: 2014/08/06, Modified: 2022/09/20
Plugin Output

tcp/443/www


Nessus was able to verify the issue with the following request :

GET /autodiscover/autodiscover.xml HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

Which returned the following IP address :

10.2.1.135

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/110/pop3


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/443/www


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

142960 - HSTS Missing From HTTPS Server (RFC 6797)
-
Synopsis
The remote web server is not enforcing HSTS, as defined by RFC 6797.
Description
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2020/11/17, Modified: 2023/06/08
Plugin Output

tcp/8010/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/8010/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/8010/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/110/pop3

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/443/www

TLSv1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/110/pop3

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/443/www

TLSv1.1 is enabled and the server supports at least one cipher.
10759 - Web Server HTTP Header Internal IP Disclosure
-
Synopsis
This web server leaks a private IP address through its HTTP headers.
Description
This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server.

There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies, load balancers and through a variety of misconfigurations related to redirection.
See Also
Solution
Apply configuration suggested by vendor.
Risk Factor
Low
CVSS v3.0 Base Score
3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
2.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
2.2
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
2.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 1499
CVE CVE-2000-0649
XREF CWE:200
Plugin Information
Published: 2001/09/14, Modified: 2022/12/30
Plugin Output

tcp/443/www


Nessus was able to exploit the issue using the following request :

GET / HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*




This produced the following truncated output (limited to 10 lines) :
------------------------------ snip ------------------------------
Cache-Control: no-cache
Pragma: no-cache
Location: https://10.2.1.135/owa/
Server: Microsoft-IIS/10.0
X-FEServer: EXCH2016
X-RequestId: 0497209e-f411-4251-bda3-d38fc238e895
Date: Thu, 26 Oct 2023 07:44:28 GMT
Connection: close
Content-Length: 0

[...]

------------------------------ snip ------------------------------

46180 - Additional DNS Hostnames
-
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.
See Also
Solution
If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Published: 2010/04/29, Modified: 2022/08/15
Plugin Output

tcp/0

The following hostnames point to the remote host :
- autodiscover.infinitiofmemphis.com
- webmail.gossettmotors.com
- autodiscover.gossettmotors.com
45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_10 -> Microsoft Windows 10 64-bit

Following application CPE's matched on the remote system :

cpe:/a:microsoft:exchange_server -> Microsoft Exchange Server
cpe:/a:microsoft:exchange_server:15.1.2507 -> Microsoft Exchange Server
cpe:/a:microsoft:iis:10.0 -> Microsoft IIS
cpe:/a:microsoft:outlook_web_access:15.1.2507 -> Microsoft outlook_web_access

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 75

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/443/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/8010/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/80/www

The remote web server type is :

Microsoft-IIS/10.0

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/443/www

The remote web server type is :

Microsoft-IIS/10.0

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.102 resolves as net-216-37-68-102.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 403 Forbidden

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server: Microsoft-IIS/10.0
Date: Thu, 26 Oct 2023 07:57:14 GMT
Content-Length: 0

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 302 Moved Temporarily

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Cache-Control: no-cache
Pragma: no-cache
Location: https://net-216-37-68-102.in-addr.worldspice.net/owa/
Server: Microsoft-IIS/10.0
X-FEServer: EXCH2016
X-RequestId: bdcaf1a2-1013-4fd7-9085-fbf69253e3a4
Date: Thu, 26 Oct 2023 07:57:14 GMT
Connection: close
Content-Length: 0

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/8010/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Length: 4532
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'

Response Body :

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
height: 100%;
font-family: Helvetica, Arial, sans-serif;
color: #6a6a6a;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
}
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
color: #262626;
vertical-align: baseline;
margin: .2em;
border-style: solid;
border-width: 1px;
border-color: #a9a9a9;
background-color: #fff;
box-sizing: border-box;
padding: 2px .5em;
appearance: none;
border-radius: 0;
}
input:focus {
border-color: #646464;
box-shadow: 0 0 1px 0 #a2a2a2;
outline: 0;
}
button {
padding: .5em 1em;
border: 1px solid;
border-radius: 3px;
min-width: 6em;
font-weight: 400;
font-size: .8em;
cursor: pointer;
}
button.primary {
color: #fff;
background-color: rgb(47, 113, 178);
border-color: rgb(34, 103, 173);
}
.message-container {
height: 500px;
width: 600px;
padding: 0;
margin: 10px;
}
.logo {
background: url(https://net-216-37-68-102.in-addr.worldspice.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
height: 267px;
object-fit: contain;
}
table {
background-color: #fff;
border-spacing: 0;
margin: 1em;
}
table > tbody > tr > td:first-of-type:not([colspan]) {
white-space: nowrap;
color: rgba(0,0,0,.5);
}
table > tbody > tr > td:first-of-type {
vertical-align: top;
}
table > tbody > tr > td {
padding: .3em .3em;
}
.field {
display: table-row;
}
.field > :first-child {
display: table-cell;
width: 20%;
}
.field.single > :first-child {
display: inline;
}
.field > :not(:first-child) {
width: auto;
max-width: 100%;
display: inline-flex;
align-items: baseline;
virtical-align: top;
box-sizing: border-box;
margin: .3em;
}
.field > :not(:first-child) > input {
width: 230px;
}
.form-footer {
display: inline-flex;
justify-content: flex-start;
}
.form-footer > * {
margin: 1em;
}
.text-scrollable {
overflow: auto;
height: 150px;
border: 1px solid rgb(200, 200, 200);
padding: 5px;
font-size: 1em;
}
.text-centered {
text-align: center;
}
.text-container {
margin: 1em 1.5em;
}
.flex-container {
display: flex;
}
.flex-container.column {
flex-direction: column;
}
</style>
<title>Web Filter Block Override</title>
</head>
<body><div class="message-container">
<div class="logo"></div>
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
<h3>Web Filter Block Override</h3>
<p>Please contact your administrator to gain access to the web page.</p>
<div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
</div></body>
</html>

108804 - Microsoft Exchange Server Detection (Uncredentialed)
-
Synopsis
The remote host is running an Exchange Server.
Description
One or more Microsoft Exchange servers are listening on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/04/03, Modified: 2023/10/16
Plugin Output

tcp/110/pop3


Path :
Version : unknown
Source : POP3

108804 - Microsoft Exchange Server Detection (Uncredentialed)
-
Synopsis
The remote host is running an Exchange Server.
Description
One or more Microsoft Exchange servers are listening on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/04/03, Modified: 2023/10/16
Plugin Output

tcp/443/www


Path : /owa/auth/logon.aspx
Version : 15.1.2507
Source : HTTP/HTTPS
major : 15
minor : 1
patch : 2507
14255 - Microsoft Outlook Web Access (OWA) Version Detection
-
Synopsis
It is possible to extract the version of Microsoft Exchange Server installed on the remote host.
Description
Microsoft Exchange Server with Outlook Web Access (OWA) embeds the Exchange version number inside the default HTML web page. By requesting the default HTML page, Nessus was able to extract the Microsoft Exchange server version.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/08/11, Modified: 2023/05/24
Plugin Output

tcp/443/www


URL : https://net-216-37-68-102.in-addr.worldspice.net/owa/auth/logon.aspx
Version : 15.1.2507
CU : 23

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/110/pop3

Port 110/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/8010/www

Port 8010/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 74.145 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 2:06 CDT
Scan duration : 6115 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Microsoft Windows 10
Confidence level : 75
Method : HTTP


The remote host is running Microsoft Windows 10

10185 - POP Server Detection
-
Synopsis
A POP server is listening on the remote port.
Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link.
See Also
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2019/11/22
Plugin Output

tcp/110/pop3


Remote POP server banner :

+OK The Microsoft Exchange POP3 service is ready.
42087 - POP3 Service STLS Command Support
-
Synopsis
The remote mail service supports encrypting traffic.
Description
The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/10/09, Modified: 2021/02/24
Plugin Output

tcp/110/pop3


Here is the POP3 server's SSL certificate that Nessus was able to
collect after sending a 'STLS' command :

------------------------------ snip ------------------------------
Subject Name:

Common Name: mail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 57 84 E9 48 F2 E6 A5 79

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Aug 07 12:24:47 2023 GMT
Not Valid After: Sep 07 12:24:47 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 97 7C 4C 81 27 9C 55 DB 82 97 BA 53 67 E0 3C 55 24 40 2D
BA C1 15 AB 31 1E 81 2B BF 8F 01 1E C3 69 BE B2 6E 04 3F A8
DF F3 25 98 C7 A0 38 A9 81 CA 19 5F E6 F9 D3 8F D5 6D F4 B2
9F 39 A1 4C 1E 83 70 D2 8A 60 07 52 77 91 FD 95 D1 DD 52 3B
98 20 CF 78 B8 8D 16 EE 75 7C 17 DA 62 0A 93 38 E5 BB 1B 5B
29 1E 48 F0 50 A3 40 A1 75 42 2A 3F A8 CD 38 EB C5 15 BD BB
12 79 15 7E E4 E2 88 5C 21 8C F9 33 38 FF 03 A4 31 30 4B F9
26 F5 98 92 A5 80 5A 04 23 A1 AE 5E C1 23 E8 BC B3 D9 A1 70
CA 96 63 90 65 3D 0A C7 5F AE 1B 52 DF 49 37 57 29 1A 70 90
9C 5C 3A 91 FB 2E 13 30 3B 7C 19 C5 9D D3 A6 6C FC 20 3D 94
4D 46 38 5E AC E1 07 DA 80 C8 74 D6 CB 64 18 B5 84 69 36 37
82 98 16 63 3D 44 C5 A2 B8 1E 37 59 B6 3D C6 CE 8D AD B4 A1
C8 6C 84 B2 D2 C0 37 BC AF C5 FA A9 1E 35 49 24 0B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 3F 92 6D 88 D6 96 C3 BA D3 A0 93 D5 4A 70 0D F4 A2 7F 5C
42 11 A9 8A E1 6D E9 B5 06 10 8B CF 75 3A 23 96 FD 20 D0 9A
68 9E D9 23 53 FC 0F 37 D6 24 5D 81 BF CF EB 7A 4D AE E6 43
74 18 16 89 4C B2 58 35 B1 35 4B 82 F5 B0 A8 02 78 F3 FA 9A
AB 36 8F 9D 51 23 47 F5 BC 2C 83 52 8A 57 A2 74 D2 7B 81 CF
C0 7D D6 FB 28 AF 0D 2D 17 33 EB 93 40 BC 75 06 71 F8 9F 11
5B 04 16 B1 4D 32 E1 4C 5C 75 D2 35 01 F3 ED 65 B8 62 A0 13
9F 68 6A 98 37 87 D7 7B 02 27 4A 61 BB EA BD EB 44 F8 95 62
02 9E F7 5C C7 63 06 C7 DC 6F 6C 7B 0D 49 CF 94 93 62 2E A6
FB 89 2F 48 BE 57 00 A0 D1 9D B8 AC 4E 5D BF F9 F9 1B F4 CD
E9 1C 79 4A F5 FE 91 49 47 75 07 0E DD B1 48 8B 66 06 8D E9
12 33 27 BB 41 0E FB 27 F0 AA 27 F3 FE FA 76 F4 AE C0 0C 5F
4F 8C 85 76 0A C9 9C B6 F8 B9 3F BC 2A 65 10 24 02

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-8011.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: mail.gossettmotors.com
DNS: www.mail.gossettmotors.com
DNS: autodiscover.infinitiofmemphis.com
DNS: mail.infinitiofmemphis.com
DNS: webmail.gossettmotors.com
DNS: autodiscover.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 7E 71 C0 EB 5F D5 13 97 3B 98 25 B5 97 BD 3E 69 AC F3 2A 6F


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 6B 01 69 00 76 00 EE CD D0 64 D5 DB 1A CE C5 5C B7
9D B4 CD 13 A2 32 87 46 7C BC EC DE C3 51 48 59 46 71 1F B5
9B 00 00 01 89 CF F5 56 C3 00 00 04 03 00 47 30 45 02 21 00
B0 D4 B5 31 15 24 DC 67 C6 6D 79 47 9A BC 66 FD C9 88 48 36
4F B1 B2 AF 68 06 11 60 39 6E 75 08 02 20 7C 9C 34 E9 AE 26
12 3E BD F6 A7 DF FC 84 FA 8D 2D 68 B5 F7 37 6A 9D CF 78 E6
27 DD A5 3C 2C FC 00 77 00 48 B0 E3 6B DA A6 47 34 0F E5 6A
02 FA 9D 30 EB 1C 52 01 CB 56 DD 2C 81 D9 BB BF AB 39 D8 84
73 00 00 01 89 CF F5 57 F7 00 00 04 03 00 48 30 46 02 21 00
F0 15 39 B7 C8 96 B3 47 0F 6A D8 EE 85 24 B7 DD 93 71 2A C2
2F 39 E4 CE 62 67 98 7C 87 21 45 2E 02 21 00 E7 BC 92 6A 11
8C 64 E8 FD 33 A7 0B 1C D3 B9 C2 3D 9C DC 6F 7A 65 90 D7 D8
59 32 5C 05 8A 45 B8 00 76 00 DA B6 BF 6B 3F B5 B6 22 9F 9B
C2 BB 5C 6B E8 70 91 71 6C BB 51 84 85 34 BD A4 3D 30 48 D7
FB AB 00 00 01 89 CF F5 58 A2 00 00 04 03 00 47 30 45 02 21
00 A8 D6 BF E2 00 DC 97 9B 66 0B 8B A1 62 D7 62 80 63 BA 4E
D1 A8 4F 3D 2D 12 36 AF 30 0D 34 36 1B 02 20 6A BD 62 10 F6
17 82 7E ED 70 B0 81 52 F3 63 EB 08 14 FB F7 89 E0 5C BC F3
B9 F1 3F 42 84 51 04


------------------------------ snip ------------------------------

31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 8010 (15 hops away)
- 80 (15 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Linux Kernel 2.6

+ On the following port(s) :
- 53 (1 hops away)

The operating system was identified as :

Nutanix

+ On the following port(s) :
- 110 (15 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/110/pop3


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/8010/www


This port supports TLSv1.3/TLSv1.2.

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/110/pop3

Subject Name:

Common Name: mail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 57 84 E9 48 F2 E6 A5 79

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Aug 07 12:24:47 2023 GMT
Not Valid After: Sep 07 12:24:47 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 97 7C 4C 81 27 9C 55 DB 82 97 BA 53 67 E0 3C 55 24 40 2D
BA C1 15 AB 31 1E 81 2B BF 8F 01 1E C3 69 BE B2 6E 04 3F A8
DF F3 25 98 C7 A0 38 A9 81 CA 19 5F E6 F9 D3 8F D5 6D F4 B2
9F 39 A1 4C 1E 83 70 D2 8A 60 07 52 77 91 FD 95 D1 DD 52 3B
98 20 CF 78 B8 8D 16 EE 75 7C 17 DA 62 0A 93 38 E5 BB 1B 5B
29 1E 48 F0 50 A3 40 A1 75 42 2A 3F A8 CD 38 EB C5 15 BD BB
12 79 15 7E E4 E2 88 5C 21 8C F9 33 38 FF 03 A4 31 30 4B F9
26 F5 98 92 A5 80 5A 04 23 A1 AE 5E C1 23 E8 BC B3 D9 A1 70
CA 96 63 90 65 3D 0A C7 5F AE 1B 52 DF 49 37 57 29 1A 70 90
9C 5C 3A 91 FB 2E 13 30 3B 7C 19 C5 9D D3 A6 6C FC 20 3D 94
4D 46 38 5E AC E1 07 DA 80 C8 74 D6 CB 64 18 B5 84 69 36 37
82 98 16 63 3D 44 C5 A2 B8 1E 37 59 B6 3D C6 CE 8D AD B4 A1
C8 6C 84 B2 D2 C0 37 BC AF C5 FA A9 1E 35 49 24 0B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 3F 92 6D 88 D6 96 C3 BA D3 A0 93 D5 4A 70 0D F4 A2 7F 5C
42 11 A9 8A E1 6D E9 B5 06 10 8B CF 75 3A 23 96 FD 20 D0 9A
68 9E D9 23 53 FC 0F 37 D6 24 5D 81 BF CF EB 7A 4D AE E6 43
74 18 16 89 4C B2 58 35 B1 35 4B 82 F5 B0 A8 02 78 F3 FA 9A
AB 36 8F 9D 51 23 47 F5 BC 2C 83 52 8A 57 A2 74 D2 7B 81 CF
C0 7D D6 FB 28 AF 0D 2D 17 33 EB 93 40 BC 75 06 71 F8 9F 11
5B 04 16 B1 4D 32 E1 4C 5C 75 D2 35 01 F3 ED 65 B8 62 A0 13
9F 68 6A 98 37 87 D7 7B 02 27 4A 61 BB EA BD EB 44 F8 95 62
02 9E F7 5C C7 63 06 C7 DC 6F 6C 7B 0D 49 CF 94 93 62 2E A6
FB 89 2F 48 BE 57 00 A0 D1 9D B8 AC 4E 5D BF F9 F9 1B F4 CD
E9 1C 79 4A F5 FE 91 49 47 75 07 0E DD B1 48 8B 66 06 8D E9
12 33 27 BB 41 0E FB 27 F0 AA 27 F3 FE FA 76 F4 AE C0 0C 5F
4F 8C 85 76 0A C9 9C B6 F8 B9 3F BC 2A 65 10 24 02

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-8011.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: mail.gossettmotors.com
DNS: www.mail.gossettmotors.com
DNS: autodiscover.infinitiofmemphis.com
DNS: mail.infinitiofmemphis.com
DNS: webmail.gossettmotors.com
DNS: autodiscover.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 7E 71 C0 EB 5F D5 13 97 3B 98 25 B5 97 BD 3E 69 AC F3 2A 6F


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 6B 01 69 00 76 00 EE CD D0 64 D5 DB 1A CE C5 5C B7
9D B4 CD 13 A2 32 87 46 7C BC EC DE C3 51 48 59 46 71 1F B5
9B 00 00 01 89 CF F5 56 C3 00 00 04 03 00 47 30 45 02 21 00
B0 D4 B5 31 15 24 DC 67 C6 6D 79 47 9A BC 66 FD C9 88 48 36
4F B1 B2 AF 68 06 11 60 39 6E 75 08 02 20 7C 9C 34 E9 AE 26
12 3E BD F6 A7 DF FC 84 FA 8D 2D 68 B5 F7 37 6A 9D CF 78 E6
27 DD A5 3C 2C FC 00 77 00 48 B0 E3 6B DA A6 47 34 0F E5 6A
02 FA 9D 30 EB 1C 52 01 CB 56 DD 2C 81 D9 BB BF AB 39 D8 84
73 00 00 01 89 CF F5 57 F7 00 00 04 03 00 48 30 46 02 21 00
F0 15 39 B7 C8 96 B3 47 0F 6A D8 EE 85 24 B7 DD 93 71 2A C2
2F 39 E4 CE 62 67 98 7C 87 21 45 2E 02 21 00 E7 BC 92 6A 11
8C 64 E8 FD 33 A7 0B 1C D3 B9 C2 3D 9C DC 6F 7A 65 90 D7 D8
59 32 5C 05 8A 45 B8 00 76 00 DA B6 BF 6B 3F B5 B6 22 9F 9B
C2 BB 5C 6B E8 70 91 71 6C BB 51 84 85 34 BD A4 3D 30 48 D7
FB AB 00 00 01 89 CF F5 58 A2 00 00 04 03 00 47 30 45 02 21
00 A8 D6 BF E2 00 DC 97 9B 66 0B 8B A1 62 D7 62 80 63 BA 4E
D1 A8 4F 3D 2D 12 36 AF 30 0D 34 36 1B 02 20 6A BD 62 10 F6
17 82 7E ED 70 B0 81 52 F3 63 EB 08 14 FB F7 89 E0 5C BC F3
B9 F1 3F 42 84 51 04


Fingerprints :

SHA-256 Fingerprint: 22 BF AE 09 29 35 13 A8 CD 9C 6A FA BC 82 9D B1 E8 95 AE F8
22 3F 31 3D B2 0F 39 BD F1 27 30 95
SHA-1 Fingerprint: 4E 55 90 67 AD B9 4A 8C E9 D6 81 DB 1B B6 EE 6F FE DB A6 EC
MD5 Fingerprint: 3A 15 22 B5 C4 E7 0A 7F C8 73 64 18 65 6F AF 5E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIHLDCCBhSgAwIBAgIIV4TpSPLmpXkwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwODA3MTIyNDQ3WhcNMjQwOTA3MTIyNDQ3WjAhMR8wHQYDVQQDExZtYWlsLmdvc3NldHRtb3RvcnMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3xMgSecVduCl7pTZ+A8VSRALbrBFasxHoErv48BHsNpvrJuBD+o3/MlmMegOKmByhlf5vnTj9Vt9LKfOaFMHoNw0opgB1J3kf2V0d1SO5ggz3i4jRbudXwX2mIKkzjluxtbKR5I8FCjQKF1Qio/qM0468UVvbsSeRV+5OKIXCGM+TM4/wOkMTBL+Sb1mJKlgFoEI6GuXsEj6Lyz2aFwypZjkGU9CsdfrhtS30k3VykacJCcXDqR+y4TMDt8GcWd06Zs/CA9lE1GOF6s4QfagMh01stkGLWEaTY3gpgWYz1ExaK4HjdZtj3Gzo2ttKHIbISy0sA3vK/F+qkeNUkkCwIDAQABo4ID0jCCA84wDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS04MDExLmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMIG6BgNVHREEgbIwga+CFm1haWwuZ29zc2V0dG1vdG9ycy5jb22CGnd3dy5tYWlsLmdvc3NldHRtb3RvcnMuY29tgiJhdXRvZGlzY292ZXIuaW5maW5pdGlvZm1lbXBoaXMuY29tghptYWlsLmluZmluaXRpb2ZtZW1waGlzLmNvbYIZd2VibWFpbC5nb3NzZXR0bW90b3JzLmNvbYIeYXV0b2Rpc2NvdmVyLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBR+ccDrX9UTlzuYJbWXvT5prPMqbzCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGJz/VWwwAABAMARzBFAiEAsNS1MRUk3GfGbXlHmrxm/cmISDZPsbKvaAYRYDludQgCIHycNOmuJhI+vfan3/yE+o0taLX3N2qdz3jmJ92lPCz8AHcASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGJz/VX9wAABAMASDBGAiEA8BU5t8iWs0cPatjuhSS33ZNxKsIvOeTOYmeYfIchRS4CIQDnvJJqEYxk6P0zpwsc07nCPZzcb3plkNfYWTJcBYpFuAB2ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABic/1WKIAAAQDAEcwRQIhAKjWv+IA3JebZguLoWLXYoBjuk7RqE89LRI2rzANNDYbAiBqvWIQ9heCfu1wsIFS82PrCBT794ngXLzzufE/QoRRBDANBgkqhkiG9w0BAQsFAAOCAQEAP5JtiNaWw7rToJPVSnAN9KJ/XEIRqYrhbem1BhCLz3U6I5b9INCaaJ7ZI1P8DzfWJF2Bv8/rek2u5kN0GBaJTLJYNbE1S4L1sKgCePP6mqs2j51RI0f1vCyDUopXonTSe4HPwH3W+yivDS0XM+uTQLx1BnH4nxFbBBaxTTLhTFx10jUB8+1luGKgE59oapg3h9d7AidKYbvqvetE+JViAp73XMdjBsfcb2x7DUnPlJNiLqb7iS9IvlcAoNGduKxOXb/5+Rv0zekceUr1/pFJR3UHDt2xSItmBo3pEjMnu0EO+yfwqifz/vp29K7ADF9PjIV2Csmctvi5P7wqZRAkAg==
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Common Name: mail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 57 84 E9 48 F2 E6 A5 79

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Aug 07 12:24:47 2023 GMT
Not Valid After: Sep 07 12:24:47 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 97 7C 4C 81 27 9C 55 DB 82 97 BA 53 67 E0 3C 55 24 40 2D
BA C1 15 AB 31 1E 81 2B BF 8F 01 1E C3 69 BE B2 6E 04 3F A8
DF F3 25 98 C7 A0 38 A9 81 CA 19 5F E6 F9 D3 8F D5 6D F4 B2
9F 39 A1 4C 1E 83 70 D2 8A 60 07 52 77 91 FD 95 D1 DD 52 3B
98 20 CF 78 B8 8D 16 EE 75 7C 17 DA 62 0A 93 38 E5 BB 1B 5B
29 1E 48 F0 50 A3 40 A1 75 42 2A 3F A8 CD 38 EB C5 15 BD BB
12 79 15 7E E4 E2 88 5C 21 8C F9 33 38 FF 03 A4 31 30 4B F9
26 F5 98 92 A5 80 5A 04 23 A1 AE 5E C1 23 E8 BC B3 D9 A1 70
CA 96 63 90 65 3D 0A C7 5F AE 1B 52 DF 49 37 57 29 1A 70 90
9C 5C 3A 91 FB 2E 13 30 3B 7C 19 C5 9D D3 A6 6C FC 20 3D 94
4D 46 38 5E AC E1 07 DA 80 C8 74 D6 CB 64 18 B5 84 69 36 37
82 98 16 63 3D 44 C5 A2 B8 1E 37 59 B6 3D C6 CE 8D AD B4 A1
C8 6C 84 B2 D2 C0 37 BC AF C5 FA A9 1E 35 49 24 0B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 3F 92 6D 88 D6 96 C3 BA D3 A0 93 D5 4A 70 0D F4 A2 7F 5C
42 11 A9 8A E1 6D E9 B5 06 10 8B CF 75 3A 23 96 FD 20 D0 9A
68 9E D9 23 53 FC 0F 37 D6 24 5D 81 BF CF EB 7A 4D AE E6 43
74 18 16 89 4C B2 58 35 B1 35 4B 82 F5 B0 A8 02 78 F3 FA 9A
AB 36 8F 9D 51 23 47 F5 BC 2C 83 52 8A 57 A2 74 D2 7B 81 CF
C0 7D D6 FB 28 AF 0D 2D 17 33 EB 93 40 BC 75 06 71 F8 9F 11
5B 04 16 B1 4D 32 E1 4C 5C 75 D2 35 01 F3 ED 65 B8 62 A0 13
9F 68 6A 98 37 87 D7 7B 02 27 4A 61 BB EA BD EB 44 F8 95 62
02 9E F7 5C C7 63 06 C7 DC 6F 6C 7B 0D 49 CF 94 93 62 2E A6
FB 89 2F 48 BE 57 00 A0 D1 9D B8 AC 4E 5D BF F9 F9 1B F4 CD
E9 1C 79 4A F5 FE 91 49 47 75 07 0E DD B1 48 8B 66 06 8D E9
12 33 27 BB 41 0E FB 27 F0 AA 27 F3 FE FA 76 F4 AE C0 0C 5F
4F 8C 85 76 0A C9 9C B6 F8 B9 3F BC 2A 65 10 24 02

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-8011.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: mail.gossettmotors.com
DNS: www.mail.gossettmotors.com
DNS: autodiscover.infinitiofmemphis.com
DNS: mail.infinitiofmemphis.com
DNS: webmail.gossettmotors.com
DNS: autodiscover.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 7E 71 C0 EB 5F D5 13 97 3B 98 25 B5 97 BD 3E 69 AC F3 2A 6F


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 6B 01 69 00 76 00 EE CD D0 64 D5 DB 1A CE C5 5C B7
9D B4 CD 13 A2 32 87 46 7C BC EC DE C3 51 48 59 46 71 1F B5
9B 00 00 01 89 CF F5 56 C3 00 00 04 03 00 47 30 45 02 21 00
B0 D4 B5 31 15 24 DC 67 C6 6D 79 47 9A BC 66 FD C9 88 48 36
4F B1 B2 AF 68 06 11 60 39 6E 75 08 02 20 7C 9C 34 E9 AE 26
12 3E BD F6 A7 DF FC 84 FA 8D 2D 68 B5 F7 37 6A 9D CF 78 E6
27 DD A5 3C 2C FC 00 77 00 48 B0 E3 6B DA A6 47 34 0F E5 6A
02 FA 9D 30 EB 1C 52 01 CB 56 DD 2C 81 D9 BB BF AB 39 D8 84
73 00 00 01 89 CF F5 57 F7 00 00 04 03 00 48 30 46 02 21 00
F0 15 39 B7 C8 96 B3 47 0F 6A D8 EE 85 24 B7 DD 93 71 2A C2
2F 39 E4 CE 62 67 98 7C 87 21 45 2E 02 21 00 E7 BC 92 6A 11
8C 64 E8 FD 33 A7 0B 1C D3 B9 C2 3D 9C DC 6F 7A 65 90 D7 D8
59 32 5C 05 8A 45 B8 00 76 00 DA B6 BF 6B 3F B5 B6 22 9F 9B
C2 BB 5C 6B E8 70 91 71 6C BB 51 84 85 34 BD A4 3D 30 48 D7
FB AB 00 00 01 89 CF F5 58 A2 00 00 04 03 00 47 30 45 02 21
00 A8 D6 BF E2 00 DC 97 9B 66 0B 8B A1 62 D7 62 80 63 BA 4E
D1 A8 4F 3D 2D 12 36 AF 30 0D 34 36 1B 02 20 6A BD 62 10 F6
17 82 7E ED 70 B0 81 52 F3 63 EB 08 14 FB F7 89 E0 5C BC F3
B9 F1 3F 42 84 51 04


Fingerprints :

SHA-256 Fingerprint: 22 BF AE 09 29 35 13 A8 CD 9C 6A FA BC 82 9D B1 E8 95 AE F8
22 3F 31 3D B2 0F 39 BD F1 27 30 95
SHA-1 Fingerprint: 4E 55 90 67 AD B9 4A 8C E9 D6 81 DB 1B B6 EE 6F FE DB A6 EC
MD5 Fingerprint: 3A 15 22 B5 C4 E7 0A 7F C8 73 64 18 65 6F AF 5E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIHLDCCBhSgAwIBAgIIV4TpSPLmpXkwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwODA3MTIyNDQ3WhcNMjQwOTA3MTIyNDQ3WjAhMR8wHQYDVQQDExZtYWlsLmdvc3NldHRtb3RvcnMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3xMgSecVduCl7pTZ+A8VSRALbrBFasxHoErv48BHsNpvrJuBD+o3/MlmMegOKmByhlf5vnTj9Vt9LKfOaFMHoNw0opgB1J3kf2V0d1SO5ggz3i4jRbudXwX2mIKkzjluxtbKR5I8FCjQKF1Qio/qM0468UVvbsSeRV+5OKIXCGM+TM4/wOkMTBL+Sb1mJKlgFoEI6GuXsEj6Lyz2aFwypZjkGU9CsdfrhtS30k3VykacJCcXDqR+y4TMDt8GcWd06Zs/CA9lE1GOF6s4QfagMh01stkGLWEaTY3gpgWYz1ExaK4HjdZtj3Gzo2ttKHIbISy0sA3vK/F+qkeNUkkCwIDAQABo4ID0jCCA84wDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS04MDExLmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMIG6BgNVHREEgbIwga+CFm1haWwuZ29zc2V0dG1vdG9ycy5jb22CGnd3dy5tYWlsLmdvc3NldHRtb3RvcnMuY29tgiJhdXRvZGlzY292ZXIuaW5maW5pdGlvZm1lbXBoaXMuY29tghptYWlsLmluZmluaXRpb2ZtZW1waGlzLmNvbYIZd2VibWFpbC5nb3NzZXR0bW90b3JzLmNvbYIeYXV0b2Rpc2NvdmVyLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBR+ccDrX9UTlzuYJbWXvT5prPMqbzCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGJz/VWwwAABAMARzBFAiEAsNS1MRUk3GfGbXlHmrxm/cmISDZPsbKvaAYRYDludQgCIHycNOmuJhI+vfan3/yE+o0taLX3N2qdz3jmJ92lPCz8AHcASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGJz/VX9wAABAMASDBGAiEA8BU5t8iWs0cPatjuhSS33ZNxKsIvOeTOYmeYfIchRS4CIQDnvJJqEYxk6P0zpwsc07nCPZzcb3plkNfYWTJcBYpFuAB2ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABic/1WKIAAAQDAEcwRQIhAKjWv+IA3JebZguLoWLXYoBjuk7RqE89LRI2rzANNDYbAiBqvWIQ9heCfu1wsIFS82PrCBT794ngXLzzufE/QoRRBDANBgkqhkiG9w0BAQsFAAOCAQEAP5JtiNaWw7rToJPVSnAN9KJ/XEIRqYrhbem1BhCLz3U6I5b9INCaaJ7ZI1P8DzfWJF2Bv8/rek2u5kN0GBaJTLJYNbE1S4L1sKgCePP6mqs2j51RI0f1vCyDUopXonTSe4HPwH3W+yivDS0XM+uTQLx1BnH4nxFbBBaxTTLhTFx10jUB8+1luGKgE59oapg3h9d7AidKYbvqvetE+JViAp73XMdjBsfcb2x7DUnPlJNiLqb7iS9IvlcAoNGduKxOXb/5+Rv0zekceUr1/pFJR3UHDt2xSItmBo3pEjMnu0EO+yfwqifz/vp29K7ADF9PjIV2Csmctvi5P7wqZRAkAg==
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/8010/www

Subject Name:

Common Name: net-216-37-68-102.in-addr.worldspice.net

Issuer Name:

Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: Certificate Authority
Common Name: FG3H0ETB18900177
Email Address: support@fortinet.com

Serial Number: 19 FB AF 17 2F A1 B9 FD 01 E3

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 48 4C 21 D2 46 4B 98 4B 33 89 52 BE B6 6A EF D4 82 E7
F2 8A 49 C1 8A F9 8C 67 17 93 4F 8B 98 6F 13 0D 7F 9F F8 23
91 49 1E 97 58 B6 A7 CD D6 1E C5 15 26 B8 3A 03 BD 0C 38 CC
1B E3 77 23 76 33 1D E3 CF 80 BF 5A E4 08 FE 9F B2 22 71 68
FF E7 79 CA D2 EC FC 6E 91 7E 7B 85 BA 40 43 30 FD AF 14 14
FD 61 5D 6E 03 AD 0B 72 4A B0 4D 9F 3E 0C 4D 73 66 11 88 6F
C8 6D A3 38 05 79 2E 68 12 2D 34 B3 67 A8 C2 A2 47 FD 69 67
17 A0 BB 09 92 9C 05 13 A1 C5 C1 4B 91 23 11 8B 9D 0A E0 0C
AA E9 23 5C 49 75 2A 20 25 3A 1F F7 BE A8 26 B8 48 4B D8 30
AF 76 2C 7B C1 4D AD 00 7D 18 38 88 D1 1A 99 BA 72 B4 F6 59
14 29 79 ED A6 6E B7 F6 B7 BA 3B 1B 7C 2B 66 EE 68 98 F8 DA
4C 82 00 F0 02 28 84 47 C2 E3 35 4A 0F D9 9D 0B F3 A3 84 9E
F9 16 3E 8D 05 34 1F 17 00 DE 0B F3 ED D9 CA 81 17
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 4E 88 78 F7 DC AE DD FE C4 15 BE D4 D0 71 56 23 0D 92 BE
3D F6 DB E4 FD 70 64 31 AB C4 69 90 42 31 C7 E2 F3 39 D4 AA
3B 05 01 40 68 C5 4B 71 8B A8 B2 C5 F4 B6 D1 DF DA 4A 22 21
83 17 09 AA D3 6F 6E 61 A5 6B 3C FD B9 27 BD ED 59 79 BA DB
D4 AD BC FC 2E 50 44 00 43 25 EE CE 72 AD 70 BD 5B 91 15 56
96 4B A3 6B B9 27 2A 28 03 3B E6 3A 63 3F EA 4D B1 71 0F B6
B6 43 45 DB 6D E4 09 01 77 94 E8 E3 EA E5 64 42 AA 3B 04 DF
B9 04 6A F8 87 68 E5 5E 70 97 14 17 56 A9 35 DD C7 12 93 CE
27 5F 7F 79 D7 63 65 98 7E 02 5E F1 FF 93 08 1D DD D1 76 E3
51 2B 97 3D A6 36 FD A9 95 3F 6E 74 35 B8 6E 8F E8 85 20 ED
4B 04 97 DC 42 BD 72 BB D0 44 D3 98 43 EF DF B7 E7 BB 17 7C
56 B7 71 1D 29 C4 26 BD 59 8F F1 27 7D 9B 1A 1A 59 84 A4 A1
21 E0 CC 24 52 8F 98 C0 CC 29 2D 3B 82 75 A0 C4 96

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: net-216-37-68-102.in-addr.worldspice.net


Fingerprints :

SHA-256 Fingerprint: 76 5F 8D 7C 72 7C 56 DF 15 9C FC 6F 56 98 AF 4E 2D 34 96 2F
5C 5C E5 43 BA AF B6 89 C3 D7 65 14
SHA-1 Fingerprint: F9 E7 7E 6C 9D C7 7D CC 31 B2 57 C7 49 A2 92 D2 80 EB 73 45
MD5 Fingerprint: 5A BE F0 79 D4 1E 87 94 2E 4F B0 76 C7 DE 45 46


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIDozCCAougAwIBAgIKGfuvFy+huf0B4zANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZMBcGA1UEAwwQRkczSDBFVEIxODkwMDE3NzEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwODE2MTUzNDE5WhcNMzAwODE3MTUzNDE5WjAzMTEwLwYDVQQDDChuZXQtMjE2LTM3LTY4LTEwMi5pbi1hZGRyLndvcmxkc3BpY2UubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEhMIdJGS5hLM4lSvrZq79SC5/KKScGK+YxnF5NPi5hvEw1/n/gjkUkel1i2p83WHsUVJrg6A70MOMwb43cjdjMd48+Av1rkCP6fsiJxaP/necrS7PxukX57hbpAQzD9rxQU/WFdbgOtC3JKsE2fPgxNc2YRiG/IbaM4BXkuaBItNLNnqMKiR/1pZxeguwmSnAUTocXBS5EjEYudCuAMqukjXEl1KiAlOh/3vqgmuEhL2DCvdix7wU2tAH0YOIjRGpm6crT2WRQpee2mbrf2t7o7G3wrZu5omPjaTIIA8AIohEfC4zVKD9mdC/OjhJ75Fj6NBTQfFwDeC/Pt2cqBFwIDAQABo0IwQDAJBgNVHRMEAjAAMDMGA1UdEQQsMCqCKG5ldC0yMTYtMzctNjgtMTAyLmluLWFkZHIud29ybGRzcGljZS5uZXQwDQYJKoZIhvcNAQELBQADggEBAE6IePfcrt3+xBW+1NBxViMNkr499tvk/XBkMavEaZBCMcfi8znUqjsFAUBoxUtxi6iyxfS20d/aSiIhgxcJqtNvbmGlazz9uSe97Vl5utvUrbz8LlBEAEMl7s5yrXC9W5EVVpZLo2u5JyooAzvmOmM/6k2xcQ+2tkNF223kCQF3lOjj6uVkQqo7BN+5BGr4h2jlXnCXFBdWqTXdxxKTzidff3nXY2WYfgJe8f+TCB3d0XbjUSuXPaY2/amVP250Nbhuj+iFIO1LBJfcQr1yu9BE05hD79+357sXfFa3cR0pxCa9WY/xJ32bGhpZhKShIeDMJFKPmMDMKS07gnWgxJY=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/110/pop3


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/443/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/110/pop3


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8010/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/110/pop3


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/8010/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/110/pop3


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/8010/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/110/pop3


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/443/www


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/8010/www


The following root Certification Authority certificate was found :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Valid From : Nov 06 06:12:11 2018 GMT
|-Valid To : Nov 06 06:12:11 2028 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/110/pop3

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/8010/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/110/pop3

A POP3 server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/8010/www

A TLSv1.2 server answered on this port.

tcp/8010/www

A web server is running on this port through TLSv1.2.

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

84821 - TLS ALPN Supported Protocol Enumeration
-
Synopsis
The remote host supports the TLS ALPN extension.
Description
The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/07/17, Modified: 2023/07/10
Plugin Output

tcp/443/www


http/1.1

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/110/pop3

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/443/www

TLSv1.1 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/110/pop3

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/8010/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.102 :
192.168.100.162

An error was detected along the way.

An error was detected along the way.

An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.117
96.110.34.102
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.102

Hop Count: 16

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/443/www



CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 302
rather than 404. The requested URL was :

https://net-216-37-68-102.in-addr.worldspice.net/5PBLJHQejRLe.html

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/8010/www


The following string will be used :
TYPE=password
216.37.68.103
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 02:30:20 2023
End time: Thu Oct 26 03:07:44 2023
Host Information
DNS Name: net-216-37-68-103.in-addr.worldspice.net
IP: 216.37.68.103
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.103 resolves as net-216-37-68-103.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.926 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 2:30 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.103 :
192.168.100.162
192.168.100.1
216.37.68.103

Hop Count: 2
216.37.68.104
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 03:07:44 2023
End time: Thu Oct 26 03:45:08 2023
Host Information
DNS Name: net-216-37-68-104.in-addr.worldspice.net
IP: 216.37.68.104
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.104 resolves as net-216-37-68-104.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.243 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 3:07 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.104 :
192.168.100.162
192.168.100.1
216.37.68.104

Hop Count: 2
216.37.68.105
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 03:45:08 2023
End time: Thu Oct 26 04:22:33 2023
Host Information
DNS Name: net-216-37-68-105.in-addr.worldspice.net
IP: 216.37.68.105
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.105 resolves as net-216-37-68-105.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.332 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 3:45 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.105 :
192.168.100.162
192.168.100.1
216.37.68.105

Hop Count: 2
216.37.68.106
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 03:48:47 2023
End time: Thu Oct 26 04:26:03 2023
Host Information
DNS Name: net-216-37-68-106.in-addr.worldspice.net
IP: 216.37.68.106
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.106 resolves as net-216-37-68-106.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.741 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 3:49 CDT
Scan duration : 2223 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.106 :
192.168.100.162
192.168.100.1
216.37.68.106

Hop Count: 2
216.37.68.107
0
7
22
0
146
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 04:22:33 2023
End time: Thu Oct 26 05:25:46 2023
Host Information
DNS Name: net-216-37-68-107.in-addr.worldspice.net
IP: 216.37.68.107
OS: FortiOS on Fortinet FortiGate
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/110/pop3


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/143/imap


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/443/www


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/465/smtp


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/993/imap


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/995/pop3


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

142960 - HSTS Missing From HTTPS Server (RFC 6797)
-
Synopsis
The remote web server is not enforcing HSTS, as defined by RFC 6797.
Description
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2020/11/17, Modified: 2023/06/08
Plugin Output

tcp/8010/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/8010/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com

65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
VPR Score
4.4
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:ND/RC:C)
References
Plugin Information
Published: 2013/04/05, Modified: 2021/02/03
Plugin Output

tcp/110/pop3


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
VPR Score
4.4
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:ND/RC:C)
References
Plugin Information
Published: 2013/04/05, Modified: 2021/02/03
Plugin Output

tcp/143/imap


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
VPR Score
4.4
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:ND/RC:C)
References
Plugin Information
Published: 2013/04/05, Modified: 2021/02/03
Plugin Output

tcp/443/www


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
VPR Score
4.4
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:ND/RC:C)
References
Plugin Information
Published: 2013/04/05, Modified: 2021/02/03
Plugin Output

tcp/465/smtp


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
VPR Score
4.4
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:ND/RC:C)
References
Plugin Information
Published: 2013/04/05, Modified: 2021/02/03
Plugin Output

tcp/993/imap


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
VPR Score
4.4
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:ND/RC:C)
References
Plugin Information
Published: 2013/04/05, Modified: 2021/02/03
Plugin Output

tcp/995/pop3


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/8010/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/110/pop3

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/143/imap

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/443/www

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/465/smtp

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/993/imap

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/995/pop3

TLSv1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/110/pop3

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/143/imap

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/443/www

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/465/smtp

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/993/imap

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/995/pop3

TLSv1.1 is enabled and the server supports at least one cipher.

46180 - Additional DNS Hostnames
-
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.
See Also
Solution
If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Published: 2010/04/29, Modified: 2022/08/15
Plugin Output

tcp/0

The following hostnames point to the remote host :
- fortimail.gossettmotors.com
- mail.gossettmotors.com
45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:fortinet:fortios -> Fortinet FortiOS

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : unknown
Confidence level : 56

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/8010/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

43111 - HTTP Methods Allowed (per directory)
-
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/12/10, Modified: 2022/04/11
Plugin Output

tcp/443/www

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD OPTIONS POST are allowed on :

/

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.107 resolves as net-216-37-68-107.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 09:48:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 18 May 2023 00:53:06 GMT
Accept-Ranges: bytes
Content-Length: 50
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src 'self'; object-src 'none'; frame-ancestors 'self'
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

Response Body :

<html>
<script src="./index.js"></script>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/8010/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Length: 4532
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'

Response Body :

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
height: 100%;
font-family: Helvetica, Arial, sans-serif;
color: #6a6a6a;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
}
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
color: #262626;
vertical-align: baseline;
margin: .2em;
border-style: solid;
border-width: 1px;
border-color: #a9a9a9;
background-color: #fff;
box-sizing: border-box;
padding: 2px .5em;
appearance: none;
border-radius: 0;
}
input:focus {
border-color: #646464;
box-shadow: 0 0 1px 0 #a2a2a2;
outline: 0;
}
button {
padding: .5em 1em;
border: 1px solid;
border-radius: 3px;
min-width: 6em;
font-weight: 400;
font-size: .8em;
cursor: pointer;
}
button.primary {
color: #fff;
background-color: rgb(47, 113, 178);
border-color: rgb(34, 103, 173);
}
.message-container {
height: 500px;
width: 600px;
padding: 0;
margin: 10px;
}
.logo {
background: url(https://net-216-37-68-107.in-addr.worldspice.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
height: 267px;
object-fit: contain;
}
table {
background-color: #fff;
border-spacing: 0;
margin: 1em;
}
table > tbody > tr > td:first-of-type:not([colspan]) {
white-space: nowrap;
color: rgba(0,0,0,.5);
}
table > tbody > tr > td:first-of-type {
vertical-align: top;
}
table > tbody > tr > td {
padding: .3em .3em;
}
.field {
display: table-row;
}
.field > :first-child {
display: table-cell;
width: 20%;
}
.field.single > :first-child {
display: inline;
}
.field > :not(:first-child) {
width: auto;
max-width: 100%;
display: inline-flex;
align-items: baseline;
virtical-align: top;
box-sizing: border-box;
margin: .3em;
}
.field > :not(:first-child) > input {
width: 230px;
}
.form-footer {
display: inline-flex;
justify-content: flex-start;
}
.form-footer > * {
margin: 1em;
}
.text-scrollable {
overflow: auto;
height: 150px;
border: 1px solid rgb(200, 200, 200);
padding: 5px;
font-size: 1em;
}
.text-centered {
text-align: center;
}
.text-container {
margin: 1em 1.5em;
}
.flex-container {
display: flex;
}
.flex-container.column {
flex-direction: column;
}
</style>
<title>Web Filter Block Override</title>
</head>
<body><div class="message-container">
<div class="logo"></div>
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
<h3>Web Filter Block Override</h3>
<p>Please contact your administrator to gain access to the web page.</p>
<div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
</div></body>
</html>

11414 - IMAP Service Banner Retrieval
-
Synopsis
An IMAP server is running on the remote host.
Description
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/03/18, Modified: 2011/03/16
Plugin Output

tcp/143/imap

The remote imap server banner is :

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] mail service ready.

11414 - IMAP Service Banner Retrieval
-
Synopsis
An IMAP server is running on the remote host.
Description
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/03/18, Modified: 2011/03/16
Plugin Output

tcp/993/imap

The remote imap server banner is :

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] mail service ready.

42085 - IMAP Service STARTTLS Command Support
-
Synopsis
The remote mail service supports encrypting traffic.
Description
The remote IMAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/10/09, Modified: 2021/02/24
Plugin Output

tcp/143/imap


Here is the IMAP server's SSL certificate that Nessus was able to
collect after sending a 'STARTTLS' command :

------------------------------ snip ------------------------------
Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


------------------------------ snip ------------------------------

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/25/smtp

Port 25/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/110/pop3

Port 110/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/143/imap

Port 143/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/465/smtp

Port 465/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/993/imap

Port 993/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/995/pop3

Port 995/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/8010/www

Port 8010/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 83.583 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 4:22 CDT
Scan duration : 3785 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 56
Method : MLSinFP

Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.

SinFP:
P1:B11113:F0x12:W14600:O0204ffff:M1460:
P2:B11113:F0x12:W14480:O0204ffff0402080affffffff4445414401030307:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:190701_7_p=443R
SMTP:!:220 mail.gossettmotors.com ESMTP Smtpd; Thu, 26 Oct 2023 04:25:15 -0500
SSLcert:!:i/CN:Go Daddy Secure Certificate Authority - G2i/O:GoDaddy.com, Inc.i/OU:http://certs.godaddy.com/repository/s/CN:fortimail.gossettmotors.com
acd10cefd4f2c95ef43689aaf1a8e66c2993cbb5
i/CN:Go Daddy Secure Certificate Authority - G2i/O:GoDaddy.com, Inc.i/OU:http://certs.godaddy.com/repository/s/CN:fortimail.gossettmotors.com
acd10cefd4f2c95ef43689aaf1a8e66c2993cbb5



The remote host is running FortiOS on Fortinet FortiGate

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/11/30, Modified: 2020/06/12
Plugin Output

tcp/25/smtp

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/11/30, Modified: 2020/06/12
Plugin Output

tcp/110/pop3

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/11/30, Modified: 2020/06/12
Plugin Output

tcp/143/imap

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/11/30, Modified: 2020/06/12
Plugin Output

tcp/443/www

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/11/30, Modified: 2020/06/12
Plugin Output

tcp/465/smtp

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/11/30, Modified: 2020/06/12
Plugin Output

tcp/993/imap

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/11/30, Modified: 2020/06/12
Plugin Output

tcp/995/pop3

10185 - POP Server Detection
-
Synopsis
A POP server is listening on the remote port.
Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link.
See Also
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2019/11/22
Plugin Output

tcp/110/pop3


Remote POP server banner :

+OK mail service ready.

10185 - POP Server Detection
-
Synopsis
A POP server is listening on the remote port.
Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link.
See Also
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2019/11/22
Plugin Output

tcp/995/pop3


Remote POP server banner :

+OK mail service ready.

42087 - POP3 Service STLS Command Support
-
Synopsis
The remote mail service supports encrypting traffic.
Description
The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/10/09, Modified: 2021/02/24
Plugin Output

tcp/110/pop3


Here is the POP3 server's SSL certificate that Nessus was able to
collect after sending a 'STLS' command :

------------------------------ snip ------------------------------
Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


------------------------------ snip ------------------------------

31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 8010 (15 hops away)
- 443 (15 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Linux Kernel 2.6

+ On the following port(s) :
- 465 (16 hops away)
- 995 (16 hops away)
- 993 (16 hops away)
- 53 (1 hops away)

The operating system was identified as :

Linux Kernel 2.6
Nutanix

+ On the following port(s) :
- 110 (15 hops away)
- 143 (15 hops away)
- 25 (15 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10263 - SMTP Server Detection
-
Synopsis
An SMTP server is listening on the remote port.
Description
The remote host is running a mail (SMTP) server on this port.

Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0932
Plugin Information
Published: 1999/10/12, Modified: 2020/09/22
Plugin Output

tcp/25/smtp


Remote SMTP server banner :

220 mail.gossettmotors.com ESMTP Smtpd; Thu, 26 Oct 2023 04:25:15 -0500

10263 - SMTP Server Detection
-
Synopsis
An SMTP server is listening on the remote port.
Description
The remote host is running a mail (SMTP) server on this port.

Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0932
Plugin Information
Published: 1999/10/12, Modified: 2020/09/22
Plugin Output

tcp/465/smtp


Remote SMTP server banner :

220 mail.gossettmotors.com ESMTP Smtpd; Thu, 26 Oct 2023 04:27:18 -0500

42088 - SMTP Service STARTTLS Command Support
-
Synopsis
The remote mail service supports encrypting traffic.
Description
The remote SMTP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/10/09, Modified: 2019/03/20
Plugin Output

tcp/25/smtp


Here is the SMTP service's SSL certificate that Nessus was able to
collect after sending a 'STARTTLS' command :

------------------------------ snip ------------------------------
Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


------------------------------ snip ------------------------------
56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/25/smtp


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/110/pop3


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/143/imap


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/465/smtp


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/993/imap


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/995/pop3


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/8010/www


This port supports TLSv1.3/TLSv1.2.

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/25/smtp


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/110/pop3


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/143/imap


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/443/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/465/smtp


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/993/imap


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/995/pop3


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/25/smtp


The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :

Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/110/pop3


The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :

Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/143/imap


The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :

Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/443/www


The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :

Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/465/smtp


The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :

Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/993/imap


The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :

Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/995/pop3


The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :

Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/25/smtp

Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


Fingerprints :

SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/110/pop3

Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


Fingerprints :

SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/143/imap

Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


Fingerprints :

SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


Fingerprints :

SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/465/smtp

Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


Fingerprints :

SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/993/imap

Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


Fingerprints :

SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/995/pop3

Subject Name:

Common Name: fortimail.gossettmotors.com

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 4E 2D 9E CC 59 F8 6F 15

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F


Fingerprints :

SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/8010/www

Subject Name:

Common Name: net-216-37-68-107.in-addr.worldspice.net

Issuer Name:

Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: Certificate Authority
Common Name: FG3H0ETB18900177
Email Address: support@fortinet.com

Serial Number: 0C 51 A2 26 48 87 D3 C0 F5 1F

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 48 4C 21 D2 46 4B 98 4B 33 89 52 BE B6 6A EF D4 82 E7
F2 8A 49 C1 8A F9 8C 67 17 93 4F 8B 98 6F 13 0D 7F 9F F8 23
91 49 1E 97 58 B6 A7 CD D6 1E C5 15 26 B8 3A 03 BD 0C 38 CC
1B E3 77 23 76 33 1D E3 CF 80 BF 5A E4 08 FE 9F B2 22 71 68
FF E7 79 CA D2 EC FC 6E 91 7E 7B 85 BA 40 43 30 FD AF 14 14
FD 61 5D 6E 03 AD 0B 72 4A B0 4D 9F 3E 0C 4D 73 66 11 88 6F
C8 6D A3 38 05 79 2E 68 12 2D 34 B3 67 A8 C2 A2 47 FD 69 67
17 A0 BB 09 92 9C 05 13 A1 C5 C1 4B 91 23 11 8B 9D 0A E0 0C
AA E9 23 5C 49 75 2A 20 25 3A 1F F7 BE A8 26 B8 48 4B D8 30
AF 76 2C 7B C1 4D AD 00 7D 18 38 88 D1 1A 99 BA 72 B4 F6 59
14 29 79 ED A6 6E B7 F6 B7 BA 3B 1B 7C 2B 66 EE 68 98 F8 DA
4C 82 00 F0 02 28 84 47 C2 E3 35 4A 0F D9 9D 0B F3 A3 84 9E
F9 16 3E 8D 05 34 1F 17 00 DE 0B F3 ED D9 CA 81 17
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 08 46 65 2D AD 0F B9 35 69 1E AC A4 6F E0 3E 1D 54 A5 B9
A0 7A C4 58 7F CF 02 0F 18 35 6A 7B 08 32 15 58 D0 E2 2B B5
CC 53 00 2A D4 2A 4A 5F 1E 11 4C AC FC B7 D5 07 DD E5 2B 9A
5C EE 75 93 21 6B 39 31 01 CD 29 A6 52 97 75 B4 FA 71 FE D7
C2 09 AF 4F C7 CC D7 4A 3C 78 DF 48 32 D0 F2 9A B6 C9 0F 18
97 C2 58 32 40 A5 E7 5C 35 01 3A AD 07 1F 80 F8 36 30 81 3C
07 41 E2 62 B2 BA 24 BF DE 39 2C C0 06 D1 0E 10 74 FD 29 0A
97 93 0C 58 05 C1 C5 F9 4E 27 13 4A 00 75 A3 86 A3 C3 41 8C
F6 5F 83 0C 8B A2 B9 DD DD 92 6A 1C 71 41 20 F9 72 4C 70 6D
6C A1 84 FA F4 20 A7 FD A7 CF 31 AF F3 50 42 E3 69 EF AB 3C
55 81 19 82 40 D7 CB DD 2C 62 07 DA 8C 95 56 A0 A6 48 1C 10
0C 09 EE 01 C7 86 01 B9 CF 04 36 A9 4D 8B AC D0 C6 96 F7 EF
AC C9 4E AB DA 5B 06 6A FE AF B6 D7 CA E3 9F 4C EA

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: net-216-37-68-107.in-addr.worldspice.net


Fingerprints :

SHA-256 Fingerprint: 2B 75 E9 22 65 73 F6 5F AC 51 03 2B 87 C1 B7 78 49 50 69 65
C6 D5 83 49 D0 C6 ED 96 3F B6 04 E0
SHA-1 Fingerprint: 03 60 C0 E3 81 52 19 37 35 F0 DD 5F AD 0E FF B4 25 01 6E E3
MD5 Fingerprint: 37 15 08 8B CF 7F 53 09 9D 5F C5 B6 5D BC 71 37


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIDozCCAougAwIBAgIKDFGiJkiH08D1HzANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZMBcGA1UEAwwQRkczSDBFVEIxODkwMDE3NzEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwODE2MTUzNDE5WhcNMzAwODE3MTUzNDE5WjAzMTEwLwYDVQQDDChuZXQtMjE2LTM3LTY4LTEwNy5pbi1hZGRyLndvcmxkc3BpY2UubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEhMIdJGS5hLM4lSvrZq79SC5/KKScGK+YxnF5NPi5hvEw1/n/gjkUkel1i2p83WHsUVJrg6A70MOMwb43cjdjMd48+Av1rkCP6fsiJxaP/necrS7PxukX57hbpAQzD9rxQU/WFdbgOtC3JKsE2fPgxNc2YRiG/IbaM4BXkuaBItNLNnqMKiR/1pZxeguwmSnAUTocXBS5EjEYudCuAMqukjXEl1KiAlOh/3vqgmuEhL2DCvdix7wU2tAH0YOIjRGpm6crT2WRQpee2mbrf2t7o7G3wrZu5omPjaTIIA8AIohEfC4zVKD9mdC/OjhJ75Fj6NBTQfFwDeC/Pt2cqBFwIDAQABo0IwQDAJBgNVHRMEAjAAMDMGA1UdEQQsMCqCKG5ldC0yMTYtMzctNjgtMTA3LmluLWFkZHIud29ybGRzcGljZS5uZXQwDQYJKoZIhvcNAQELBQADggEBAAhGZS2tD7k1aR6spG/gPh1UpbmgesRYf88CDxg1ansIMhVY0OIrtcxTACrUKkpfHhFMrPy31Qfd5SuaXO51kyFrOTEBzSmmUpd1tPpx/tfCCa9Px8zXSjx430gy0PKatskPGJfCWDJApedcNQE6rQcfgPg2MIE8B0HiYrK6JL/eOSzABtEOEHT9KQqXkwxYBcHF+U4nE0oAdaOGo8NBjPZfgwyLornd3ZJqHHFBIPlyTHBtbKGE+vQgp/2nzzGv81BC42nvqzxVgRmCQNfL3SxiB9qMlVagpkgcEAwJ7gHHhgG5zwQ2qU2LrNDGlvfvrMlOq9pbBmr+r7bXyuOfTOo=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/25/smtp


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/110/pop3


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/143/imap


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/443/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/465/smtp


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/993/imap


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/995/pop3


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/110/pop3


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/143/imap


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/465/smtp


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/993/imap


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/995/pop3


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8010/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/110/pop3


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/143/imap


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/465/smtp


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/993/imap


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/995/pop3


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/8010/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/110/pop3


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/143/imap


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/465/smtp


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/993/imap


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/995/pop3


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/8010/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/25/smtp


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/110/pop3


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/143/imap


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/443/www


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/465/smtp


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/993/imap


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/995/pop3


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/8010/www


The following root Certification Authority certificate was found :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Valid From : Nov 06 06:12:11 2018 GMT
|-Valid To : Nov 06 06:12:11 2028 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption

35297 - SSL Service Requests Client Certificate
-
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/01/06, Modified: 2022/04/11
Plugin Output

tcp/25/smtp


A TLSv1/TLSv11/TLSv12 server is listening on this port that requests a client certificate.

35297 - SSL Service Requests Client Certificate
-
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/01/06, Modified: 2022/04/11
Plugin Output

tcp/465/smtp


A TLSv1/TLSv11/TLSv12 server is listening on this port that requests a client certificate.

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/110/pop3

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/143/imap

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/465/smtp

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/993/imap

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/995/pop3

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/8010/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/25/smtp

An SMTP server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/110/pop3

A POP3 server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/143/imap

An IMAP server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/465/smtp

A TLSv1.1 server answered on this port.

tcp/465/smtp

An SMTP server is running on this port through TLSv1.1.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/993/imap

A TLSv1 server answered on this port.

tcp/993/imap

An IMAP server is running on this port through TLSv1.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/995/pop3

A POP3 server is running on this port through TLSv1.1.

tcp/995/pop3

A TLSv1.1 server answered on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/8010/www

A TLSv1.2 server answered on this port.

tcp/8010/www

A web server is running on this port through TLSv1.2.

42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/443/www


The STS header line is :

Strict-Transport-Security: max-age=31536000; includeSubDomains

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

84821 - TLS ALPN Supported Protocol Enumeration
-
Synopsis
The remote host supports the TLS ALPN extension.
Description
The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/07/17, Modified: 2023/07/10
Plugin Output

tcp/443/www


http/1.1

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/110/pop3

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/143/imap

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/443/www

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/465/smtp

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/993/imap

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/995/pop3

TLSv1.1 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/110/pop3

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/143/imap

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/465/smtp

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/993/imap

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/995/pop3

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/8010/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.107 :
192.168.100.162

An error was detected along the way.

An error was detected along the way.

An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.113
96.110.34.98
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.107

Hop Count: 16

100669 - Web Application Cookies Are Expired
-
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.

If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Published: 2017/06/07, Modified: 2021/12/20
Plugin Output

tcp/443/www


The following cookies are expired :

Name : SearchResultFile
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : logStartline
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : totalLineNumber
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : logType
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : logLevel
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : APSCOOKIE_4309f775a1293712802e25834cc847fe
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : logDomain
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : ParamStr
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : mTime
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :

100669 - Web Application Cookies Are Expired
-
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.

If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Published: 2017/06/07, Modified: 2021/12/20
Plugin Output

tcp/8010/www


The following cookies are expired :

Name : SearchResultFile
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : logStartline
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : totalLineNumber
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : logType
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : logLevel
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : APSCOOKIE_4309f775a1293712802e25834cc847fe
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : logDomain
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : ParamStr
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :


Name : mTime
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/8010/www


The following string will be used :
TYPE=password
216.37.68.108
0
1
4
0
63
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 04:26:03 2023
End time: Thu Oct 26 05:19:22 2023
Host Information
DNS Name: net-216-37-68-108.in-addr.worldspice.net
IP: 216.37.68.108
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2001/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2002/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2003/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2001/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2002/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2003/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.108 resolves as net-216-37-68-108.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2001/www


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 09:49:59 GMT
Content-Length: 21
Connection: close

Response Body :

authorization failed

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2002/www


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 09:49:59 GMT
Content-Length: 21
Connection: close

Response Body :

authorization failed

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2003/www


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 09:50:00 GMT
Content-Length: 21
Connection: close

Response Body :

authorization failed

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/555

Port 555/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/556

Port 556/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/557

Port 557/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2001/www

Port 2001/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2002/www

Port 2002/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2003/www

Port 2003/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.685 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 4:26 CDT
Scan duration : 3185 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2001/www


This port supports TLSv1.3/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2002/www


This port supports TLSv1.3/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2003/www


This port supports TLSv1.3/TLSv1.2.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2001/www


The host name known by Nessus is :

net-216-37-68-108.in-addr.worldspice.net

The Common Name in the certificate is :

*.l.home.camect.com

The Subject Alternate Name in the certificate is :

*.l.home.camect.com

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2002/www


The host name known by Nessus is :

net-216-37-68-108.in-addr.worldspice.net

The Common Name in the certificate is :

*.l.home.camect.com

The Subject Alternate Name in the certificate is :

*.l.home.camect.com

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2003/www


The host name known by Nessus is :

net-216-37-68-108.in-addr.worldspice.net

The Common Name in the certificate is :

*.l.home.camect.com

The Subject Alternate Name in the certificate is :

*.l.home.camect.com

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2001/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2002/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2003/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2001/www


The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :

Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2002/www


The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :

Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2003/www


The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :

Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2001/www

Subject Name:

Common Name: *.l.home.camect.com

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73


Fingerprints :

SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2002/www

Subject Name:

Common Name: *.l.home.camect.com

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73


Fingerprints :

SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2003/www

Subject Name:

Common Name: *.l.home.camect.com

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73


Fingerprints :

SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/2001/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/2002/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/2003/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2001/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2002/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2003/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2001/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2002/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2003/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2001/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2002/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2003/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/2001/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/2002/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/2003/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2001/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2002/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2003/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2001/www

A TLSv1.2 server answered on this port.

tcp/2001/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2002/www

A TLSv1.2 server answered on this port.

tcp/2002/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2003/www

A TLSv1.2 server answered on this port.

tcp/2003/www

A web server is running on this port through TLSv1.2.

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2001/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2002/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2003/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.108 :
192.168.100.162
192.168.100.1
216.37.68.108

Hop Count: 2
216.37.68.109
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 05:19:22 2023
End time: Thu Oct 26 05:56:54 2023
Host Information
DNS Name: net-216-37-68-109.in-addr.worldspice.net
IP: 216.37.68.109
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.109 resolves as net-216-37-68-109.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.300 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 5:19 CDT
Scan duration : 2239 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.109 :
192.168.100.162
192.168.100.1
216.37.68.109

Hop Count: 2
216.37.68.110
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 05:25:46 2023
End time: Thu Oct 26 06:03:10 2023
Host Information
DNS Name: net-216-37-68-110.in-addr.worldspice.net
IP: 216.37.68.110
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.110 resolves as net-216-37-68-110.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.972 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 5:25 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.110 :
192.168.100.162
192.168.100.1
216.37.68.110

Hop Count: 2
216.37.68.111
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 05:56:54 2023
End time: Thu Oct 26 06:34:18 2023
Host Information
DNS Name: net-216-37-68-111.in-addr.worldspice.net
IP: 216.37.68.111
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.111 resolves as net-216-37-68-111.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.564 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 5:57 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.111 :
192.168.100.162
192.168.100.1
216.37.68.111

Hop Count: 2
216.37.68.112
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 06:03:10 2023
End time: Thu Oct 26 06:40:43 2023
Host Information
DNS Name: net-216-37-68-112.in-addr.worldspice.net
IP: 216.37.68.112
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.112 resolves as net-216-37-68-112.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.120 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 6:03 CDT
Scan duration : 2239 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.112 :
192.168.100.162
192.168.100.1
216.37.68.112

Hop Count: 2
216.37.68.113
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 06:34:18 2023
End time: Thu Oct 26 07:11:42 2023
Host Information
DNS Name: net-216-37-68-113.in-addr.worldspice.net
IP: 216.37.68.113
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.113 resolves as net-216-37-68-113.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.103 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 6:34 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.113 :
192.168.100.162
192.168.100.1
216.37.68.113

Hop Count: 2
216.37.68.114
0
2
6
0
58
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 06:40:43 2023
End time: Thu Oct 26 07:33:23 2023
Host Information
DNS Name: net-216-37-68-114.in-addr.worldspice.net
IP: 216.37.68.114
OS: Linux Kernel 3.0
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/443/www


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

88098 - Apache Server ETag Header Information Disclosure
-
Synopsis
The remote web server is affected by an information disclosure vulnerability.
Description
The remote web server is affected by an information disclosure vulnerability due to the ETag header providing sensitive information that could aid an attacker, such as the inode number of requested files.
See Also
Solution
Modify the HTTP ETag header of the web server to not include file inodes in the ETag header calculation. Refer to the linked Apache documentation for more information.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 6939
CVE CVE-2003-1418
XREF CWE:200
Plugin Information
Published: 2016/01/22, Modified: 2020/04/27
Plugin Output

tcp/2555/www


Nessus was able to determine that the Apache Server listening on
port 2555 leaks the servers inode numbers in the ETag HTTP
Header field :

Source : ETag: "2b7ec-d39-5d5e1b6df5200"
Inode number : 178156
File size : 3385 bytes
File modification time : Jan. 18, 2022 at 21:11:36 GMT

10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2555/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=*.m.reyrey.net
|-Issuer : C=US/O=Let's Encrypt/CN=R3

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/443/www

TLSv1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/443/www

TLSv1.1 is enabled and the server supports at least one cipher.

48204 - Apache HTTP Server Version
-
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/80/www


URL : http://net-216-37-68-114.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0

48204 - Apache HTTP Server Version
-
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/443/www


URL : https://net-216-37-68-114.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0

48204 - Apache HTTP Server Version
-
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/2555/www


URL : https://net-216-37-68-114.in-addr.worldspice.net:2555/
Version : unknown
Source : Server: Apache
backported : 0

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel -> Linux Kernel

Following application CPE's matched on the remote system :

cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server
cpe:/a:solarwinds:server_and_application_monitor -> Solarwinds Server and Application Monitor (SAM)

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : unknown
Confidence level : 56

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/443/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2555/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/80/www

The remote web server type is :

Apache

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/443/www

The remote web server type is :

Apache

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/2555/www

The remote web server type is :

Apache

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.114 resolves as net-216-37-68-114.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 12:06:08 GMT
Server: Apache
Location: https://net-216-37-68-114.in-addr.worldspice.net/
Content-Length: 257
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-114.in-addr.worldspice.net/">here</a>.</p>
</body></html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 12:06:08 GMT
Server: Apache
Location: https://net-216-37-68-114.in-addr.worldspice.net/smgdownload
Content-Length: 268
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-114.in-addr.worldspice.net/smgdownload">here</a>.</p>
</body></html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2555/www


Response Code : HTTP/1.1 403 Forbidden

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 12:06:08 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 21:11:36 GMT
ETag: "2b7ec-d39-5d5e1b6df5200"
Accept-Ranges: bytes
Content-Length: 3385
Vary: Accept-Encoding
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html

Response Body :

<html>
<head>
<title>Error 403</title>
<style>
body {
background-color: #73767c;
font-family: Times, serif;
font-size: 18px;
}
.container {
width: 640px;
margin: auto;
padding: 0 10px 20px;
background: #fff;
text-align: center;
overflow: hidden;
border-radius: 5px;
box-shadow: 0px 10px 15px #59595b;
}
div.reylogo {
width: 200px;
height: 200px;
margin: 0px auto;
background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAMAAACahl6sAAAABGdBTUEAAOD8YVAtlgAAAu1pQ0NQSUNDIFByb2ZpbGUAADjLY2BgnuDo4uTKJMDAUFBUUuQe5BgZERmlwH6egY2BmQEMEpOLCxwDAnxA7Lz8vFQGVMDIwPDtGohkYLisCzKLgTTAmgy0GEgfAGKjlNTiZCD9BYjTy0sKgOKMMUC2SFI2mF0AYmeHBDkD2S0MDEw8JakVIL0MzvkFlUWZ6RklCoaWlpYKjin5SakKwZXFJam5xQqeecn5RQX5RYklqSlAtVA7QIDXJb9EwT0xM0/ByECVgcoAFI4QFiJ8EGIIkFxaVAYPSgYGAQYFBgMGB4YAhkSGeoYFDEcZ3jCKM7owljKuYLzHJMYUxDSB6QKzMHMk80LmNyyWLB0st1j1WFtZ77FZsk1j+8Yezr6bQ4mji+MLZyLnBS5Hri3cmtwLeKR4pvIK8U7iE+abxi/Dv1hAR2CHoKvgFaFUoR/CvSIqIntFw0W/iE0SNxK/IlEhKSd5TCpfWlr6hEyZrLrsLbk+eRf5PwpbFQuV9JTeKq9VKVA1Uf2pdlC9SyNUU0nzg9YB7Uk6qbpWeoJ6r/SPGCwwrDWKMbY1kTdlNn1pdsF8p8USywlWdda5NnG2gXau9tYOxo46TmrOSi4KrvJuCu7KHuqeul4m3jY+7r7Bfgn++QH1gRODlgbvCrkY+jKcKUIu0ioqIroiZmbsnrgHCWyJuklhyQ0pa1JvpnNkWGRmZs3NvpjLnmefX1GwqfBdsXZJVumqsjcV+pUlVbtqGGu96qbWP2zUa6ppPtsq11bYfrRTuquo+3Sval9j/92JNpNmT/47NX7a4RkaM/tnfZ+TMPf0fPMFSxeJLG5d8m1Z5vJ7K0NWnV7jsnbfessN2zaZbN6y1WTb9h1WO/fvdt1zdl/Y/gcHcw79PNJ+TPz4ipPWp86dST776/yki9qXjl5JvPrv+pybNrfu3qm/p3z/xMO8x2JP9j/LfCHy8uDr/Lfy7y58aPpk+vnV1wXfw38K/Dr1p/Wf4///AA0ADzTvzc3MAAAABlBMVEUATnsAAAD+mnh6AAAAAnRSTlP/AOW3MEoAAAAJcEhZcwAALiIAAC4iAari3ZIAAALeSURBVHhe7dXRcuIwEETR8P8/vZK53mygKIi3NWqp+rwEjDOeW0GVr9smEuImIW4S4iYhbhLiJiFuEuImIW4S4iYhbhLiJiGvfIkx9q1+I79i6r7nW+0+fsEVi77z8Z/uQzxdiMHvqEOmnpEtJMRNQn6HkyvAwCc1ISwhwchH7To3rILFH/Xr3LGI+95PXl0XYwkBBj4pChkvIW4Scg0nVoGJp9oQdtBgJtpbri+HAuwUUokdJBiJ4pBxEuImIddxViUY2dSHsIIIQ48QLq2JjL1CirGBCENnhAySEDcJ+Q+cUw1mzghhA5VzqnxwtQ1DqrGAyjmVn6VYQYGJk0JGSIibCSF8uzWYOSOEDVSY2kO4sqoNQ4rxfBWm5rDbSYib8hC+2xKMPBSHsIEKU7v2motLoqLZKaQSz1dhalccoi1h5qE6ZJiEuEnIb3E+RRj6j3aJz9bC+t92CinB82UY+60qpOKM7CEhbhLyHudShamvtM+50R0Lv7JTyCA8X4axr4wLGf4v8KeBIbUS4iYhn+O0ijD0Sf+AWxZx3/tJu84Nq2DxRy//VDI8X4axj8aHFJ6RLSTETUIu4LiKMPRUF8LzZRh7au/5YDkUoL/lg8Xc9//r8f1IbCDC0FNlyFAJcZOQazioIgw91IawgApTD+0NV1dERNdfc3VB94bDjz/PcDxfhamH2pCBEuImIRdxTEUY2hWHsIAMY5v2kmtLoqLZKaQSz1dhalccMk5C3CTkKo6pBjO76hA2UGFq015ybUlUNDuFlGIBFaY21SHDJMRNQi7jmGowsykPYQMVph4hXFoTGXuF1GIBFaZOCJGWMLKrDxkkIW5mhPAF12DmjBA2UDmnygeX2y+kGs9XOafysxIbaDBzSsgQCXEzL4TvuMIx7hhajxVUjhBeL22vkClYQGVeiLakz7uPXV9C3CTETULcJMRNQtwkxE1C3CTETULcJMRNQtwkxMvt9gdiX3KCo5HNSAAAAABJRU5ErkJggg==);
}
div.errcode {
font-size: 4em;
font-weight: 900;
}
div.errdesc {
margin-bottom: 0.5em;
font-size: 2em;
font-weight: 700;
}
div.details {
font-size: 18px;
}
</style>
</head>
<body >
<div class="container">
<div class="reylogo"></div>
<div class="errcode">403</div>
<div class="errdesc">Forbidden</div>
<div class="details">
You do not have permission to access this resource.<br/>
Contact <a href="https://www.reyrey.com/support/">Reynolds and Reynolds Support</a> for assistance.
</div>
</div>
</body>
</html>

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/1067

Port 1067/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2555/www

Port 2555/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/5713

Port 5713/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/16384

Port 16384/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 71.332 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 6:40 CDT
Scan duration : 3151 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Linux Kernel 3.0
Confidence level : 56
Method : MLSinFP


The remote host is running Linux Kernel 3.0

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/11/30, Modified: 2020/06/12
Plugin Output

tcp/443/www

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2555/www


This port supports TLSv1.2.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

net-216-37-68-114.in-addr.worldspice.net

The Common Name in the certificate is :

*.m.reyrey.net

The Subject Alternate Name in the certificate is :

*.m.reyrey.net

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2555/www


The host name known by Nessus is :

net-216-37-68-114.in-addr.worldspice.net

The Common Name in the certificate is :

*.m.reyrey.net

The Subject Alternate Name in the certificate is :

*.m.reyrey.net

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/443/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2555/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/443/www


The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :

Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2555/www


The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :

Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Common Name: *.m.reyrey.net

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26


Fingerprints :

SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2555/www

Subject Name:

Common Name: *.m.reyrey.net

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26


Fingerprints :

SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/443/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2555/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2555/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2555/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/443/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2555/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2555/www

A TLSv1.2 server answered on this port.

tcp/2555/www

A web server is running on this port through TLSv1.2.

91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/06/03, Modified: 2023/10/16
Plugin Output

tcp/80/www


URL : http://net-216-37-68-114.in-addr.worldspice.net/
Version : unknown

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/443/www

TLSv1.1 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2555/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.114 :
192.168.100.162

An error was detected along the way.

An error was detected along the way.

An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.117
96.110.34.102
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.114

Hop Count: 16

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/80/www



CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :

http://net-216-37-68-114.in-addr.worldspice.net/UKtDyAyWf9bh.html
216.37.68.115
0
1
4
0
54
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 07:11:42 2023
End time: Thu Oct 26 10:00:25 2023
Host Information
DNS Name: net-216-37-68-115.in-addr.worldspice.net
IP: 216.37.68.115
OS: FortiOS on Fortinet FortiGate
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

142960 - HSTS Missing From HTTPS Server (RFC 6797)
-
Synopsis
The remote web server is not enforcing HSTS, as defined by RFC 6797.
Description
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2020/11/17, Modified: 2023/06/08
Plugin Output

tcp/8010/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/8010/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/8010/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com

46180 - Additional DNS Hostnames
-
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.
See Also
Solution
If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Published: 2010/04/29, Modified: 2022/08/15
Plugin Output

tcp/0

The following hostnames point to the remote host :
- ibc.gossettmotors.com
45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:fortinet:fortios -> Fortinet FortiOS

Following application CPE matched on the remote system :

cpe:/a:solarwinds:server_and_application_monitor -> Solarwinds Server and Application Monitor (SAM)

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : unknown
Confidence level : 56

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/8010/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/80/www

The remote web server type is :

UCC HTTP Server

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/443/www

The remote web server type is :

UCC HTTP Server

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.115 resolves as net-216-37-68-115.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

content-length: 152
server: UCC HTTP Server
location: https://net-216-37-68-115.in-addr.worldspice.net/default.htm
connection: close
content-type: text/html
date: Thu, 26 Oct 2023 12:59:46 GMT

Response Body :

<HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY><H1>404 Not Found</H1>
The requested resource [/default.htm] was not found on this server.<BR>
</BODY>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

content-length: 152
strict-transport-security: max-age=31556952
server: UCC HTTP Server
connection: close
content-type: text/html
date: Thu, 26 Oct 2023 12:59:44 GMT

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/8010/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Length: 4532
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'

Response Body :

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
height: 100%;
font-family: Helvetica, Arial, sans-serif;
color: #6a6a6a;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
}
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
color: #262626;
vertical-align: baseline;
margin: .2em;
border-style: solid;
border-width: 1px;
border-color: #a9a9a9;
background-color: #fff;
box-sizing: border-box;
padding: 2px .5em;
appearance: none;
border-radius: 0;
}
input:focus {
border-color: #646464;
box-shadow: 0 0 1px 0 #a2a2a2;
outline: 0;
}
button {
padding: .5em 1em;
border: 1px solid;
border-radius: 3px;
min-width: 6em;
font-weight: 400;
font-size: .8em;
cursor: pointer;
}
button.primary {
color: #fff;
background-color: rgb(47, 113, 178);
border-color: rgb(34, 103, 173);
}
.message-container {
height: 500px;
width: 600px;
padding: 0;
margin: 10px;
}
.logo {
background: url(https://net-216-37-68-115.in-addr.worldspice.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
height: 267px;
object-fit: contain;
}
table {
background-color: #fff;
border-spacing: 0;
margin: 1em;
}
table > tbody > tr > td:first-of-type:not([colspan]) {
white-space: nowrap;
color: rgba(0,0,0,.5);
}
table > tbody > tr > td:first-of-type {
vertical-align: top;
}
table > tbody > tr > td {
padding: .3em .3em;
}
.field {
display: table-row;
}
.field > :first-child {
display: table-cell;
width: 20%;
}
.field.single > :first-child {
display: inline;
}
.field > :not(:first-child) {
width: auto;
max-width: 100%;
display: inline-flex;
align-items: baseline;
virtical-align: top;
box-sizing: border-box;
margin: .3em;
}
.field > :not(:first-child) > input {
width: 230px;
}
.form-footer {
display: inline-flex;
justify-content: flex-start;
}
.form-footer > * {
margin: 1em;
}
.text-scrollable {
overflow: auto;
height: 150px;
border: 1px solid rgb(200, 200, 200);
padding: 5px;
font-size: 1em;
}
.text-centered {
text-align: center;
}
.text-container {
margin: 1em 1.5em;
}
.flex-container {
display: flex;
}
.flex-container.column {
flex-direction: column;
}
</style>
<title>Web Filter Block Override</title>
</head>
<body><div class="message-container">
<div class="logo"></div>
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
<h3>Web Filter Block Override</h3>
<p>Please contact your administrator to gain access to the web page.</p>
<div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
</div></body>
</html>

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/21

Port 21/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/25

Port 25/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/110

Port 110/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/119

Port 119/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/143

Port 143/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/1067

Port 1067/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/1202

Port 1202/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/5713

Port 5713/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/8010/www

Port 8010/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 66.044 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 7:12 CDT
Scan duration : 10101 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 56
Method : MLSinFP


The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 8010 (15 hops away)
- 80 (15 hops away)
- 21 (15 hops away)
- 443 (15 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Linux Kernel 2.6

+ On the following port(s) :
- 53 (1 hops away)

The operating system was identified as :

Nutanix

+ On the following port(s) :
- 110 (15 hops away)
- 119 (15 hops away)
- 143 (15 hops away)
- 25 (15 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.3/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/8010/www


This port supports TLSv1.3/TLSv1.2.

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Common Name: ibc.gossettmotors.com

Issuer Name:

Country: US
Organization: DigiCert Inc
Organization Unit: www.digicert.com
Common Name: GeoTrust TLS RSA CA G1

Serial Number: 03 AF A1 53 01 65 67 7B 70 AD 4E 5C 25 9D A9 09

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Apr 26 00:00:00 2023 GMT
Not Valid After: May 26 23:59:59 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 F0 15 73 F0 4A 5F 3A 17 AC D1 0C A1 84 B1 AC D7 27 28 35
D3 FE 36 EC 1D BB 9C 13 6B 05 5D E0 CA 7D 59 B7 CE 91 52 1F
80 64 5A 7F AC F0 9D 57 CF DF 6D 8B 89 B6 28 3E AD 58 59 8C
CC 69 B3 56 44 4C 59 53 2D 7C 6C 72 A7 CD AE FB 18 9C AC 93
7F 4A 2E A2 BB F6 6A 9B E1 B4 F9 53 04 E4 E9 FF 77 49 5C 4C
46 83 39 47 DD E8 C4 B8 B2 BE 25 56 15 1C 45 67 88 48 C2 BD
0F 5A 28 1B CB 28 25 6C 4F 82 E7 EF F5 FD 64 6E 3F 8E A4 31
DC C4 D9 AA 2A EA 11 01 46 A5 3F EC A8 A1 6E C5 9B 6C D8 11
56 A3 3B D6 11 45 D1 AB C1 32 46 CA E7 2C 70 5B 2E 37 EA 24
1A 98 19 44 58 83 A7 81 B3 7F 61 7F E5 AF C8 FF F5 2C F2 E7
36 11 5A 70 CC B8 89 82 C2 86 5B FF AF E8 10 23 68 84 DE 2E
4F 80 47 03 0C FA F4 4D 33 CD 5C 24 BB 1A F4 8F 43 C3 B7 4D
E1 47 1A 8A 62 D9 E0 DC CE AC 45 36 51 6A B2 78 45
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 70 C4 1E 47 86 34 FA D3 9D 6E B1 82 E2 AE A0 EF 9B 90 00
12 E3 48 73 12 85 BD 14 B4 1F B4 3D 1A 5A 7D D6 48 33 6B 8D
6E 7E B8 38 82 C4 53 28 9F 9C FD 05 46 55 E5 65 E6 70 98 C1
9D 7B CA 21 E0 8C D7 20 BF 3B 62 F7 0C D3 25 71 65 A4 44 C3
0F 09 A1 15 2B 52 38 38 58 22 56 2F B8 92 3F 8E 78 68 C8 0D
DB D6 A2 38 37 E3 BA 00 F4 74 06 65 61 BE 8D 07 99 8B 96 D7
7A 69 F7 1E 55 BF 9A 19 86 0C 15 81 56 79 C9 8D 3A 68 6A C5
2B B1 8F F9 52 1C 6B 1D 1A 72 77 02 3B 0F D3 FB 7F C9 FF 2A
E9 FB D5 D4 DC 34 10 EB CB 71 F6 72 71 04 C5 F4 B3 69 E4 73
2F 96 C2 6A 90 84 64 AC 01 A6 3A B3 B0 66 3C 02 CD A6 39 CE
FE B5 07 2A 9C CC 34 98 90 E8 96 E6 B7 A9 B6 FA E4 04 00 18
11 15 0A E2 D6 0E 21 DD 16 1E F0 0F F0 07 74 42 52 C0 5E 7F
57 2A 6F DA 34 85 C4 55 B1 8F 7E 3D 4F 7A DF CA 85

Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 94 4F D4 5D 8B E4 A4 E2 A6 80 FE FD D8 F9 00 EF A3 BE 02 57


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 0D 41 19 CF FE 7C 7E 3B AD 09 17 06 B8 8E 33 B8 DA A5 FB 7A


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: ibc.gossettmotors.com


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://www.digicert.com/CPS


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://status.geotrust.com
Method#2: Certificate Authority Issuers
URI: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt


Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 6C 01 6A 00 76 00 EE CD D0 64 D5 DB 1A CE C5 5C B7
9D B4 CD 13 A2 32 87 46 7C BC EC DE C3 51 48 59 46 71 1F B5
9B 00 00 01 87 BF B6 E4 9C 00 00 04 03 00 47 30 45 02 20 08
DF 8E 51 BA 2B FA BB CA 1E 08 7A 38 D0 16 A3 37 CE 56 C5 08
EA 1C 43 0F 48 BC AA F0 29 74 7C 02 21 00 DD 2B F7 BC DF D7
03 1D BE 6D 01 85 9D 85 7C 7A FC 07 5A 81 97 F5 CE 6A 17 9B
B8 77 47 21 5C EA 00 77 00 73 D9 9E 89 1B 4C 96 78 A0 20 7D
47 9D E6 B2 C6 1C D0 51 5E 71 19 2A 8C 6B 80 10 7A C1 77 72
B5 00 00 01 87 BF B6 E4 E7 00 00 04 03 00 48 30 46 02 21 00
DA BB 6C 23 D2 31 FB D3 C1 5A 39 DF 4C 42 9C 8E CD B8 DC 57
01 EF 27 B9 6A BC 66 91 0D 76 D7 8A 02 21 00 B8 F1 BD DC EE
9D 3C A4 4B B3 EA 46 3C 96 67 28 3A FB 59 18 C9 CA 33 74 E1
53 17 4A CD 2E CA 83 00 77 00 48 B0 E3 6B DA A6 47 34 0F E5
6A 02 FA 9D 30 EB 1C 52 01 CB 56 DD 2C 81 D9 BB BF AB 39 D8
84 73 00 00 01 87 BF B6 E4 B5 00 00 04 03 00 48 30 46 02 21
00 93 C6 AA 87 64 34 F7 7B CF 42 D8 AF 5B 7D 13 3A 7A 35 7A
09 B5 28 6D 53 F4 CE 4B 01 ED 80 4C C7 02 21 00 8E 89 79 DA
E9 0E 7B CA 9F 70 15 79 D0 52 F9 5F D3 AE 9B 58 F7 53 53 68
A7 AC F6 5D 12 C4 4E 76


Fingerprints :

SHA-256 Fingerprint: ED 4C FE 54 2B 2A 6A 53 42 A6 02 3B 31 3C AC 4C 00 A4 46 67
DC 93 C4 40 43 4C 1E 78 B6 12 DB 2A
SHA-1 Fingerprint: 20 A9 44 FD 15 20 D5 A0 2B 68 1A CC 5C 4E E0 7A CA 71 B1 CE
MD5 Fingerprint: 4B DE 61 0B 7A E3 AD 0C 2D 48 78 10 09 89 CC 16


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIGKTCCBRGgAwIBAgIQA6+hUwFlZ3twrU5cJZ2pCTANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcxMB4XDTIzMDQyNjAwMDAwMFoXDTI0MDUyNjIzNTk1OVowIDEeMBwGA1UEAxMVaWJjLmdvc3NldHRtb3RvcnMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8BVz8EpfOhes0QyhhLGs1ycoNdP+Nuwdu5wTawVd4Mp9WbfOkVIfgGRaf6zwnVfP322LibYoPq1YWYzMabNWRExZUy18bHKnza77GJysk39KLqK79mqb4bT5UwTk6f93SVxMRoM5R93oxLiyviVWFRxFZ4hIwr0PWigbyyglbE+C5+/1/WRuP46kMdzE2aoq6hEBRqU/7KihbsWbbNgRVqM71hFF0avBMkbK5yxwWy436iQamBlEWIOngbN/YX/lr8j/9Szy5zYRWnDMuImCwoZb/6/oECNohN4uT4BHAwz69E0zzVwkuxr0j0PDt03hRxqKYtng3M6sRTZRarJ4RQIDAQABo4IDHTCCAxkwHwYDVR0jBBgwFoAUlE/UXYvkpOKmgP792PkA76O+AlcwHQYDVR0OBBYEFA1BGc/+fH47rQkXBriOM7japft6MCAGA1UdEQQZMBeCFWliYy5nb3NzZXR0bW90b3JzLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jZHAuZ2VvdHJ1c3QuY29tL0dlb1RydXN0VExTUlNBQ0FHMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9UcnVzdFRMU1JTQUNBRzEuY3J0MAkGA1UdEwQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABh7+25JwAAAQDAEcwRQIgCN+OUbor+rvKHgh6ONAWozfOVsUI6hxDD0i8qvApdHwCIQDdK/e839cDHb5tAYWdhXx6/AdagZf1zmoXm7h3RyFc6gB3AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuAEHrBd3K1AAABh7+25OcAAAQDAEgwRgIhANq7bCPSMfvTwVo530xCnI7NuNxXAe8nuWq8ZpENdteKAiEAuPG93O6dPKRLs+pGPJZnKDr7WRjJyjN04VMXSs0uyoMAdwBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYe/tuS1AAAEAwBIMEYCIQCTxqqHZDT3e89C2K9bfRM6ejV6CbUobVP0zksB7YBMxwIhAI6JedrpDnvKn3AVedBS+V/TrptY91NTaKes9l0SxE52MA0GCSqGSIb3DQEBCwUAA4IBAQBwxB5HhjT6051usYLirqDvm5AAEuNIcxKFvRS0H7Q9Glp91kgza41ufrg4gsRTKJ+c/QVGVeVl5nCYwZ17yiHgjNcgvzti9wzTJXFlpETDDwmhFStSODhYIlYvuJI/jnhoyA3b1qI4N+O6APR0BmVhvo0HmYuW13pp9x5Vv5oZhgwVgVZ5yY06aGrFK7GP+VIcax0acncCOw/T+3/J/yrp+9XU3DQQ68tx9nJxBMX0s2nkcy+WwmqQhGSsAaY6s7BmPALNpjnO/rUHKpzMNJiQ6Jbmt6m2+uQEABgRFQri1g4h3RYe8A/wB3RCUsBef1cqb9o0hcRVsY9+PU9638qF
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/8010/www

Subject Name:

Common Name: net-216-37-68-115.in-addr.worldspice.net

Issuer Name:

Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: Certificate Authority
Common Name: FG3H0ETB18900177
Email Address: support@fortinet.com

Serial Number: 1C B3 1C 26 C5 3D 2E 4F E5 3A

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 48 4C 21 D2 46 4B 98 4B 33 89 52 BE B6 6A EF D4 82 E7
F2 8A 49 C1 8A F9 8C 67 17 93 4F 8B 98 6F 13 0D 7F 9F F8 23
91 49 1E 97 58 B6 A7 CD D6 1E C5 15 26 B8 3A 03 BD 0C 38 CC
1B E3 77 23 76 33 1D E3 CF 80 BF 5A E4 08 FE 9F B2 22 71 68
FF E7 79 CA D2 EC FC 6E 91 7E 7B 85 BA 40 43 30 FD AF 14 14
FD 61 5D 6E 03 AD 0B 72 4A B0 4D 9F 3E 0C 4D 73 66 11 88 6F
C8 6D A3 38 05 79 2E 68 12 2D 34 B3 67 A8 C2 A2 47 FD 69 67
17 A0 BB 09 92 9C 05 13 A1 C5 C1 4B 91 23 11 8B 9D 0A E0 0C
AA E9 23 5C 49 75 2A 20 25 3A 1F F7 BE A8 26 B8 48 4B D8 30
AF 76 2C 7B C1 4D AD 00 7D 18 38 88 D1 1A 99 BA 72 B4 F6 59
14 29 79 ED A6 6E B7 F6 B7 BA 3B 1B 7C 2B 66 EE 68 98 F8 DA
4C 82 00 F0 02 28 84 47 C2 E3 35 4A 0F D9 9D 0B F3 A3 84 9E
F9 16 3E 8D 05 34 1F 17 00 DE 0B F3 ED D9 CA 81 17
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 02 70 71 CA D3 BA 01 AE DC 4D 61 6C 26 5C 71 3B 53 70 D2
C4 30 09 42 26 57 FF C9 6C 05 71 41 03 5B DC 3C 54 A4 3E 70
53 20 D0 C0 CC BA F3 CD 2B D9 5B 6E FE 2A 3E DC 87 E7 AB 13
F0 F2 D5 85 72 5D 7E 21 9F 19 84 27 ED 6C CC 61 AC F3 74 99
3F 44 5F 1F 8A F3 CE 9D 1F 8F C6 6B B6 3B 02 79 CA 2B 1B FB
0D 8E CC 4A D3 54 2C F7 80 81 E3 58 C2 91 8A C3 BB DF 08 09
79 1B 4A 1A 57 15 5A 69 50 B3 F8 E7 74 E7 22 E1 16 13 E8 9C
85 BE 74 96 D1 E4 42 F4 42 11 93 90 3A 9D AD E8 40 6F 2B 3C
9B E9 F3 58 D4 46 44 DF 0A 8A 42 EB BF BD FE C9 76 EB EC 6D
9A 70 B1 A0 99 C9 C7 10 E8 72 76 D7 D2 DA 99 4E 19 14 A4 63
ED 61 C9 DD BC 83 A6 BE 2E 28 E7 CC CF 8C 08 C6 30 5D 21 C0
6A 98 AE D1 3C CF BC DF 67 B9 3F 7E DB CD 30 B9 32 F5 D0 19
60 D6 D0 4A F3 E3 25 93 C5 3C 60 23 A8 D0 3C F8 4E

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: net-216-37-68-115.in-addr.worldspice.net


Fingerprints :

SHA-256 Fingerprint: ED 0E 79 E3 6F 61 68 05 6D 7A A0 22 3B 6B C8 1C 3C FE 99 5A
0D 13 40 11 0B 72 BC C0 FE 3F 6B A6
SHA-1 Fingerprint: AF 9E 5B 6C D3 E1 52 C2 39 49 17 2E FA FF 18 10 4C BE 5C 79
MD5 Fingerprint: 52 93 B5 0A BE 6C 95 F9 FC BE 67 E4 88 A5 4F B7


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIDozCCAougAwIBAgIKHLMcJsU9Lk/lOjANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZMBcGA1UEAwwQRkczSDBFVEIxODkwMDE3NzEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwODE2MTUzNDE5WhcNMzAwODE3MTUzNDE5WjAzMTEwLwYDVQQDDChuZXQtMjE2LTM3LTY4LTExNS5pbi1hZGRyLndvcmxkc3BpY2UubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEhMIdJGS5hLM4lSvrZq79SC5/KKScGK+YxnF5NPi5hvEw1/n/gjkUkel1i2p83WHsUVJrg6A70MOMwb43cjdjMd48+Av1rkCP6fsiJxaP/necrS7PxukX57hbpAQzD9rxQU/WFdbgOtC3JKsE2fPgxNc2YRiG/IbaM4BXkuaBItNLNnqMKiR/1pZxeguwmSnAUTocXBS5EjEYudCuAMqukjXEl1KiAlOh/3vqgmuEhL2DCvdix7wU2tAH0YOIjRGpm6crT2WRQpee2mbrf2t7o7G3wrZu5omPjaTIIA8AIohEfC4zVKD9mdC/OjhJ75Fj6NBTQfFwDeC/Pt2cqBFwIDAQABo0IwQDAJBgNVHRMEAjAAMDMGA1UdEQQsMCqCKG5ldC0yMTYtMzctNjgtMTE1LmluLWFkZHIud29ybGRzcGljZS5uZXQwDQYJKoZIhvcNAQELBQADggEBAAJwccrTugGu3E1hbCZccTtTcNLEMAlCJlf/yWwFcUEDW9w8VKQ+cFMg0MDMuvPNK9lbbv4qPtyH56sT8PLVhXJdfiGfGYQn7WzMYazzdJk/RF8fivPOnR+Pxmu2OwJ5yisb+w2OzErTVCz3gIHjWMKRisO73wgJeRtKGlcVWmlQs/jndOci4RYT6JyFvnSW0eRC9EIRk5A6na3oQG8rPJvp81jURkTfCopC67+9/sl26+xtmnCxoJnJxxDocnbX0tqZThkUpGPtYcndvIOmvi4o58zPjAjGMF0hwGqYrtE8z7zfZ7k/ftvNMLky9dAZYNbQSvPjJZPFPGAjqNA8+E4=
-----END CERTIFICATE-----

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8010/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/8010/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/8010/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/443/www


The following root Certification Authority certificate was found :

|-Subject : C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2
|-Issuer : C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2
|-Valid From : Aug 01 12:00:00 2013 GMT
|-Valid To : Jan 15 12:00:00 2038 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/8010/www


The following root Certification Authority certificate was found :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Valid From : Nov 06 06:12:11 2018 GMT
|-Valid To : Nov 06 06:12:11 2028 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/8010/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/8010/www

A TLSv1.2 server answered on this port.

tcp/8010/www

A web server is running on this port through TLSv1.2.

91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/06/03, Modified: 2023/10/16
Plugin Output

tcp/80/www


URL : http://net-216-37-68-115.in-addr.worldspice.net/
Version : unknown

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/8010/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.115 :
192.168.100.162

An error was detected along the way.

An error was detected along the way.

An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.113
96.110.34.98
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.115

Hop Count: 16

11154 - Unknown Service Detection: Banner Retrieval
-
Synopsis
There is an unknown service running on the remote host.
Description
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/11/18, Modified: 2022/07/26
Plugin Output

tcp/1202


If you know what this service is and think the banner could be used to
identify it, please send a description of the service along with the
following output to svc-signatures@nessus.org :

Port : 1202
Type : get_http
Banner :
0x00: 01 00 00 00 67 00 00 00 00 00 00 00 00 00 00 00 ....g...........
0x10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*
0x60: 00 00 00 00 00 00 00 00 00 00 00 00 ............

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/80/www



CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :

http://net-216-37-68-115.in-addr.worldspice.net/QQzyI792a0NK.html

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/8010/www


The following string will be used :
TYPE=password
216.37.68.116
0
1
3
0
61
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 07:33:23 2023
End time: Thu Oct 26 08:30:52 2023
Host Information
DNS Name: net-216-37-68-116.in-addr.worldspice.net
IP: 216.37.68.116
OS: Linux Kernel 3.1
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2555/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=*.m.reyrey.net
|-Issuer : C=US/O=Let's Encrypt/CN=R3

48204 - Apache HTTP Server Version
-
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/80/www


URL : http://net-216-37-68-116.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0

48204 - Apache HTTP Server Version
-
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/2555/www


URL : https://net-216-37-68-116.in-addr.worldspice.net:2555/
Version : unknown
Source : Server: Apache
backported : 0

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel -> Linux Kernel

Following application CPE's matched on the remote system :

cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server
cpe:/a:nginx:nginx -> Nginx
cpe:/a:solarwinds:server_and_application_monitor -> Solarwinds Server and Application Monitor (SAM)

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : unknown
Confidence level : 56

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2555/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/80/www

The remote web server type is :

Apache

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/443/www

The remote web server type is :

nginx

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/2555/www

The remote web server type is :

Apache

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.116 resolves as net-216-37-68-116.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 13:03:13 GMT
Server: Apache
Location: https://net-216-37-68-116.in-addr.worldspice.net/
Content-Length: 257
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-116.in-addr.worldspice.net/">here</a>.</p>
</body></html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server: nginx
Date: Thu, 26 Oct 2023 13:03:14 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 268
Connection: keep-alive
Location: https://net-216-37-68-116.in-addr.worldspice.net/smgdownload
Strict-Transport-Security: max-age=86400; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-116.in-addr.worldspice.net/smgdownload">here</a>.</p>
</body></html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2555/www


Response Code : HTTP/1.1 403 Forbidden

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 13:03:13 GMT
Server: Apache
Content-Length: 321
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/8004/www


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 13:03:13 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

Response Body :

system is not profiled for ignite anywhere

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/1067

Port 1067/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2555/www

Port 2555/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/5713

Port 5713/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/8004/www

Port 8004/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/16384

Port 16384/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 85.611 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 7:33 CDT
Scan duration : 3439 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Linux Kernel 3.1
Confidence level : 56
Method : MLSinFP


The remote host is running Linux Kernel 3.1

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2555/www


This port supports TLSv1.2.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

net-216-37-68-116.in-addr.worldspice.net

The Common Name in the certificate is :

*.m.reyrey.net

The Subject Alternate Name in the certificate is :

*.m.reyrey.net

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2555/www


The host name known by Nessus is :

net-216-37-68-116.in-addr.worldspice.net

The Common Name in the certificate is :

*.m.reyrey.net

The Subject Alternate Name in the certificate is :

*.m.reyrey.net

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/443/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2555/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/443/www


The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :

Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2555/www


The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :

Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Common Name: *.m.reyrey.net

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26


Fingerprints :

SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2555/www

Subject Name:

Common Name: *.m.reyrey.net

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26


Fingerprints :

SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/443/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2555/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2555/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2555/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/443/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2555/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2555/www

A TLSv1.2 server answered on this port.

tcp/2555/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/8004/www

A web server is running on this port.

91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/06/03, Modified: 2023/10/16
Plugin Output

tcp/80/www


URL : http://net-216-37-68-116.in-addr.worldspice.net/
Version : unknown

91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/06/03, Modified: 2023/10/16
Plugin Output

tcp/2555/www


URL : https://net-216-37-68-116.in-addr.worldspice.net:2555/
Version : unknown

42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/443/www


The STS header line is :

Strict-Transport-Security: max-age=86400; includeSubDomains

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

62564 - TLS Next Protocols Supported
-
Synopsis
The remote service advertises one or more protocols as being supported over TLS.
Description
This script detects which protocols are advertised by the remote service to be encapsulated by TLS connections.

Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service may be falsely advertising these protocols and / or failing to advertise other supported protocols.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/10/16, Modified: 2022/04/11
Plugin Output

tcp/443/www


The target advertises that the following protocols are
supported over SSL / TLS:

h2
http/1.1
136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2555/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.116 :
192.168.100.162
192.168.100.1
216.37.68.116

Hop Count: 2

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/80/www



CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :

http://net-216-37-68-116.in-addr.worldspice.net/mMt_OM7ly1GC.html

106375 - nginx HTTP Server Detection
-
Synopsis
The nginx HTTP server was detected on the remote host.
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Published: 2018/01/26, Modified: 2023/05/24
Plugin Output

tcp/443/www


URL : https://net-216-37-68-116.in-addr.worldspice.net/
Version : unknown
source : Server: nginx
216.37.68.117
0
1
3
0
61
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 08:30:52 2023
End time: Thu Oct 26 09:28:48 2023
Host Information
DNS Name: net-216-37-68-117.in-addr.worldspice.net
IP: 216.37.68.117
OS: Check Point GAiA
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2555/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=*.m.reyrey.net
|-Issuer : C=US/O=Let's Encrypt/CN=R3

48204 - Apache HTTP Server Version
-
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/80/www


URL : http://net-216-37-68-117.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0

48204 - Apache HTTP Server Version
-
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/2555/www


URL : https://net-216-37-68-117.in-addr.worldspice.net:2555/
Version : unknown
Source : Server: Apache
backported : 0

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:checkpoint:gaia_os -> CheckPoint GAiA OS

Following application CPE's matched on the remote system :

cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server
cpe:/a:nginx:nginx -> Nginx
cpe:/a:solarwinds:server_and_application_monitor -> Solarwinds Server and Application Monitor (SAM)

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : unknown
Confidence level : 56

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2555/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/80/www

The remote web server type is :

Apache

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/443/www

The remote web server type is :

nginx

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/2555/www

The remote web server type is :

Apache

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.117 resolves as net-216-37-68-117.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 13:58:21 GMT
Server: Apache
Location: https://net-216-37-68-117.in-addr.worldspice.net/
Content-Length: 257
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-117.in-addr.worldspice.net/">here</a>.</p>
</body></html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server: nginx
Date: Thu, 26 Oct 2023 13:58:22 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 268
Connection: keep-alive
Location: https://net-216-37-68-117.in-addr.worldspice.net/smgdownload
Strict-Transport-Security: max-age=86400; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-117.in-addr.worldspice.net/smgdownload">here</a>.</p>
</body></html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2555/www


Response Code : HTTP/1.1 403 Forbidden

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 13:58:21 GMT
Server: Apache
Content-Length: 321
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/8004/www


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 26 Oct 2023 13:58:22 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

Response Body :

system is not profiled for ignite anywhere

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/1067

Port 1067/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2555/www

Port 2555/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/5713

Port 5713/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/8004/www

Port 8004/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/16384

Port 16384/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 76.286 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 8:31 CDT
Scan duration : 3466 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Check Point GAiA
Confidence level : 56
Method : MLSinFP


The remote host is running Check Point GAiA

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2555/www


This port supports TLSv1.2.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

net-216-37-68-117.in-addr.worldspice.net

The Common Name in the certificate is :

*.m.reyrey.net

The Subject Alternate Name in the certificate is :

*.m.reyrey.net

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2555/www


The host name known by Nessus is :

net-216-37-68-117.in-addr.worldspice.net

The Common Name in the certificate is :

*.m.reyrey.net

The Subject Alternate Name in the certificate is :

*.m.reyrey.net

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/443/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2555/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/443/www


The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :

Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2555/www


The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :

Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Common Name: *.m.reyrey.net

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26


Fingerprints :

SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2555/www

Subject Name:

Common Name: *.m.reyrey.net

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26


Fingerprints :

SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/443/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2555/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2555/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2555/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/443/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2555/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2555/www

A TLSv1.2 server answered on this port.

tcp/2555/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/8004/www

A web server is running on this port.

91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/06/03, Modified: 2023/10/16
Plugin Output

tcp/80/www


URL : http://net-216-37-68-117.in-addr.worldspice.net/
Version : unknown

91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/06/03, Modified: 2023/10/16
Plugin Output

tcp/2555/www


URL : https://net-216-37-68-117.in-addr.worldspice.net:2555/
Version : unknown

42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/443/www


The STS header line is :

Strict-Transport-Security: max-age=86400; includeSubDomains

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

62564 - TLS Next Protocols Supported
-
Synopsis
The remote service advertises one or more protocols as being supported over TLS.
Description
This script detects which protocols are advertised by the remote service to be encapsulated by TLS connections.

Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service may be falsely advertising these protocols and / or failing to advertise other supported protocols.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/10/16, Modified: 2022/04/11
Plugin Output

tcp/443/www


The target advertises that the following protocols are
supported over SSL / TLS:

h2
http/1.1
136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2555/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.117 :
192.168.100.162

An error was detected along the way.

An error was detected along the way.

An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
96.108.31.146
162.151.119.145
68.86.95.113
96.110.34.98
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.117

Hop Count: 17

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/80/www



CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :

http://net-216-37-68-117.in-addr.worldspice.net/vMakhcstxGmw.html

106375 - nginx HTTP Server Detection
-
Synopsis
The nginx HTTP server was detected on the remote host.
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Published: 2018/01/26, Modified: 2023/05/24
Plugin Output

tcp/443/www


URL : https://net-216-37-68-117.in-addr.worldspice.net/
Version : unknown
source : Server: nginx
216.37.68.118
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 09:28:48 2023
End time: Thu Oct 26 10:06:12 2023
Host Information
DNS Name: net-216-37-68-118.in-addr.worldspice.net
IP: 216.37.68.118
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.118 resolves as net-216-37-68-118.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 1.739 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 9:29 CDT
Scan duration : 2230 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.118 :
192.168.100.162
192.168.100.1
216.37.68.118

Hop Count: 2
216.37.68.119
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 10:00:25 2023
End time: Thu Oct 26 10:37:56 2023
Host Information
DNS Name: net-216-37-68-119.in-addr.worldspice.net
IP: 216.37.68.119
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.119 resolves as net-216-37-68-119.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.334 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:00 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.119 :
192.168.100.162
192.168.100.1
216.37.68.119

Hop Count: 2
216.37.68.120
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 10:06:12 2023
End time: Thu Oct 26 10:43:37 2023
Host Information
DNS Name: net-216-37-68-120.in-addr.worldspice.net
IP: 216.37.68.120
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.120 resolves as net-216-37-68-120.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.661 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:06 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.120 :
192.168.100.162
192.168.100.1
216.37.68.120

Hop Count: 2
216.37.68.121
0
2
3
3
24
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 10:37:56 2023
End time: Thu Oct 26 10:55:46 2023
Host Information
DNS Name: mail.wmww.com
IP: 216.37.68.121
OS: CISCO IOS 15, CISCO IOS 12, Cisco IOS XE, CISCO PIX
Vulnerabilities

96802 - Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN) (uncredentialed check)
-
Synopsis
A remote device is affected by an information disclosure vulnerability.
Description
The IKE service running on the remote Cisco IOS device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted IKEv1 packet, to disclose memory contents, resulting in the disclosure of confidential information including credentials and configuration settings.

BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.
See Also
Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvb29204.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.1
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:C)
References
BID 93003
CVE CVE-2016-6415
XREF CISCO-BUG-ID:CSCvb29204
XREF CISCO-SA:cisco-sa-20160916-ikev1
XREF CISA-KNOWN-EXPLOITED:2023/06/09
Plugin Information
Published: 2017/01/26, Modified: 2023/05/20
Plugin Output

udp/500/ike

Memory content was returned in the following Notification payload :

0x0000: 00 00 00 01 01 00 00 0E 00 00 04 28 00 00 00 01 ...........(....
0x0010: 00 00 00 01 0C B1 00 00 03 0D 0D 60 00 00 00 02 ...........`....
0x0020: 03 0D 0D 60 44 00 00 82 03 0D 0D 60 00 00 00 06 ...`D......`....
0x0030: 0D 68 3A A8 0D 1B 59 78 03 0D 0D 80 0F 49 28 40 .h:...Yx.....I(@
0x0040: 03 0D 0D A8 08 75 BD 54 03 0D 0D 80 0F 48 53 20 .....u.T.....HS
0x0050: 01 00 BC FC 00 00 00 12 01 00 BC E4 00 00 00 01 ................
0x0060: 03 0D 0D E0 09 6B 01 0C 01 00 00 00 00 00 00 00 .....k..........
0x0070: 00 00 00 00 00 00 00 00 00 00 00 00 09 84 C3 C8 ................
0x0080: 0F 49 28 40 03 0D 0E A0 03 0D 0E 9C 03 0D 0E 98 .I(@............
0x0090: 0D 61 00 00 0E 06 13 90 03 0D 0E A8 0B 73 6E 88 .a...........sn.
0x00A0: 00 00 00 00 00 00 00 18 0F 08 C6 68 01 00 C1 60 ...........h...`
0x00B0: 00 00 00 03 00 00 00 05 0F 08 C6 68 01 00 BC E4 ...........h....
0x00C0: 03 0D 0D F0 09 66 73 2C 0B 7E 6F 28 0B 7E 70 90 .....fs,.~o(.~p.
0x00D0: 03 0D 0E 18 09 BF FA EC 03 0D 0E 38 0E 05 FF D8 ...........8....
0x00E0: 01 00 BC E4 0F 08 C6 68 00 00 00 03 09 BF F9 E0 .......h........
0x00F0: 00 00 00 03 00 00 00 05 03 0D 0E 38 09 BF FB 64 ...........8...d
0x0100: 09 BF F9 D8 09 BF F9 E0 02 F3 F9 24 01 00 BC E4 ...........$....
0x0110: 00 00 00 01 0E 06 12 00 03 0D 0E 60 09 66 57 E4 ...........`.fW.
0x0120: 08 78 77 D8 0E 05 FF D8 0C CE FD E8 00 00 00 00 .xw.............
0x0130: 0E 06 13 88 01 00 BC E4 01 00 93 68 0F 08 C6 68 ...........h...h
0x0140: 03 0D 0E 78 09 66 59 B0 0E 06 13 88 00 00 00 03 ...x.fY.........
0x0150: 01 00 BC E4 01 00 93 68 03 0D 0E 90 09 6C 00 A8 .......h.....l..
0x0160: FF FF FF FF 00 00 00 04 FF FF FF FF 00 00 00 00 ................
0x0170: 03 0D 0F 00 09 6C EC 6C 00 00 00 02 00 00 00 01 .....l.l........
0x0180: 0F 7C B7 FC FF FF FF FF 00 00 00 00 FF FF FF FF .|..............
0x0190: FF FF FF FF FF FF FF FF 09 6C EA 60 00 00 00 00 .........l.`....
0x01A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*
0x01E0: 03 0D 0F 08 05 CA 01 88 00 00 00 00 05 C8 74 64 ..............td
0x01F0: FD 01 10 DF AB 12 34 CD FF FE 00 00 00 00 00 00 ......4.........
0x0200: 0B 81 19 D0 09 71 02 34 03 0D 0F 60 03 0C E0 14 .....q.4...`....
0x0210: 80 00 00 0E 00 00 00 01 00 00 00 00 01 00 00 01 ................
0x0220: 0E 42 1E C8 0B 80 18 A0 0B 80 03 7C 00 00 00 00 .B.........|....
0x0230: 00 00 01 36 00 00 00 00 00 00 00 00 FD 01 10 DF ...6............
0x0240: AB 12 34 CD FF FE 00 00 00 00 00 00 0A 4E 9D F8 ..4..........N..
0x0250: 09 BF AC 64 03 0D 0F AC 03 0D 0F 28 80 00 00 0E ...d.......(....
0x0260: 00 00 00 01 00 00 00 00 01 00 00 01 0E 42 1E C8 .............B..
0x0270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0280: 00 00 00 00 00 00 00 00 FD 01 10 DF AB 12 34 CD ..............4.
0x0290: FF FE 00 00 00 00 00 00 0B 86 14 64 09 82 97 C0 ...........d....
0x02A0: 03 0D 10 54 03 0D 0F 74 80 00 00 3C 00 00 00 01 ...T...t...<....
0x02B0: 00 00 00 00 01 00 00 01 0E 42 1E C8 02 F3 FC 10 .........B......
0x02C0: 0E 10 E5 CC 00 00 00 00 00 00 00 00 0E 10 E5 CC ................
0x02D0: 00 00 00 28 00 00 00 00 00 00 00 7C 00 00 00 80 ...(.......|....
0x02E0: 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00 48 ...............H
0x02F0: 00 00 00 00 00 00 00 41 0D 68 3A A8 00 00 00 00 .......A.h:.....
0x0300: 00 00 00 00 00 00 00 00 00 00 00 00 53 41 44 42 ............SADB
0x0310: 20 53 41 20 48 65 61 64 65 72 20 00 03 0D 10 50 SA Header ....P
0x0320: 03 0D 10 50 00 00 00 00 00 00 00 00 00 00 00 01 ...P............
0x0330: FD 01 10 DF AB 12 34 CD FF FE 00 00 00 00 00 00 ......4.........
0x0340: 0A 4E 9D F8 08 7B D8 9C 03 0D 10 A0 03 0D 0F C0 .N...{..........
0x0350: 80 00 00 0E 00 00 00 01 00 00 00 00 01 00 00 01 ................
0x0360: 0E 42 1E C8 00 00 00 00 00 00 00 00 00 00 00 00 .B..............
0x0370: 00 00 00 00 00 00 00 00 00 00 00 00 FD 01 10 DF ................
0x0380: AB 12 34 CD 01 38 00 00 00 00 01 38 0A 49 DA A0 ..4..8.....8.I..
0x0390: 08 78 99 A0 03 0D 14 04 03 0D 10 68 80 00 01 9A .x.........h....
0x03A0: 00 00 00 01 00 00 00 00 01 00 01 3F 01 BF 84 74 ...........?...t
0x03B0: 0F CC 4B 34 0F CC 79 70 00 00 00 00 09 70 AB 5C ..K4..yp.....p.\
0x03C0: 00 00 00 00 0B 81 0A 0C 0D 61 00 00 0B 4A 99 08 .........a...J..
0x03D0: 0B 81 09 C8 0B 81 09 9C 0D 61 00 00 0D 61 00 00 .........a...a..
0x03E0: 0B 81 09 58 0F CC 79 B8 0F CC 79 B0 0F CC 79 AC ...X..y...y...y.
0x03F0: 0F CC 79 A8 0E 06 1D 80 0E F3 23 34 00 00 00 00 ..y.......#4....
0x0400: 0C 25 00 00 24 00 00 28 08 78 78 40 02 02 92 00 .%..$..(.xx@....
0x0410: 00 00 00 00 00 00 00 00 00 00 00 00 09 70 AB 5C .............p.\
0x0420: 00 00 00 00 00 01 00 00 00 00 00 01 00 00 00 00 ................
0x0430:

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

62694 - Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key
-
Synopsis
The remote IKEv1 service supports Aggressive Mode with Pre-Shared key.
Description
The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorized access to private networks.
See Also
Solution
- Disable Aggressive Mode if supported.
- Do not use Pre-Shared key for authentication if it's possible.
- If using Pre-Shared key cannot be avoided, use very strong keys.
- If possible, do not allow VPN connections from any IP addresses.

Note that this plugin does not run over IPv6.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
2.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 7423
CVE CVE-2002-1623
XREF CERT:886601
Plugin Information
Published: 2012/10/24, Modified: 2021/08/13
Plugin Output

udp/500/ike

42263 - Unencrypted Telnet Server
-
Synopsis
The remote Telnet server transmits traffic in cleartext.
Description
The remote host is running a Telnet server over an unencrypted channel.

Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.

SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.
Solution
Disable the Telnet service and use SSH instead.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2009/10/27, Modified: 2020/06/12
Plugin Output

tcp/23/telnet


Nessus collected the following banner from the remote Telnet server :

------------------------------ snip ------------------------------

-------------------------------------
Reynolds & Reynolds Maintained Device

Unauthorized Access is Prohibited!
-------------------------------------


User Access Verification

Username:
------------------------------ snip ------------------------------

70658 - SSH Server CBC Mode Ciphers Enabled
-
Synopsis
The SSH server is configured to use Cipher Block Chaining.
Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
Risk Factor
Low
VPR Score
6.5
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 32319
CVE CVE-2008-5161
XREF CERT:958563
XREF CWE:200
Plugin Information
Published: 2013/10/28, Modified: 2018/07/30
Plugin Output

tcp/22/ssh


The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
153953 - SSH Weak Key Exchange Algorithms Enabled
-
Synopsis
The remote SSH server is configured to allow weak key exchange algorithms.
Description
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
See Also
Solution
Contact the vendor or consult product documentation to disable the weak algorithms.
Risk Factor
Low
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2021/10/13, Modified: 2021/10/13
Plugin Output

tcp/22/ssh


The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
71049 - SSH Weak MAC Algorithms Enabled
-
Synopsis
The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.
Description
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk Factor
Low
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2013/11/22, Modified: 2016/12/14
Plugin Output

tcp/22/ssh


The following client-to-server Message Authentication Code (MAC) algorithms
are supported :

hmac-sha1-96

The following server-to-client Message Authentication Code (MAC) algorithms
are supported :

hmac-sha1-96

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE's :

cpe:/o:cisco:ios:12 -> Cisco IOS
cpe:/o:cisco:ios:15 -> Cisco IOS
cpe:/o:cisco:ios_xe -> Cisco IOS XE
cpe:/o:cisco:pix_firewall -> Cisco PIX Firewall Software

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : router
Confidence level : 69
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.121 resolves as mail.wmww.com.

11935 - IPSEC Internet Key Exchange (IKE) Version 1 Detection
-
Synopsis
A VPN server is listening on the remote port.
Description
The remote host seems to be enabled to do Internet Key Exchange (IKE) version 1. This is typically indicative of a VPN server. VPN servers are used to connect remote hosts into internal resources.

Make sure that the use of this VPN endpoint is done in accordance with your corporate security policy.

Note that if the remote host is not configured to allow the Nessus host to perform IKE/IPSEC negotiations, Nessus won't be able to detect the IKE service.

Also note that this plugin does not run over IPv6.
Solution
If this service is not needed, disable it or filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0900
Plugin Information
Published: 2003/12/02, Modified: 2020/09/22
Plugin Output

udp/500/ike

62695 - IPSEC Internet Key Exchange (IKE) Version 2 Detection
-
Synopsis
A VPN server is listening on the remote port.
Description
The remote host seems to be enabled to do Internet Key Exchange (IKE).
This is typically indicative of a VPN server. VPN servers are used to connect remote hosts into internal resources.

Make sure that the use of this VPN endpoint is done in accordance with your corporate security policy.

Note that if the remote host is not configured to allow the Nessus host to perform IKE/IPSEC negotiations, Nessus won't be able to detect the IKE service.

Also note that this plugin does not run over IPv6.
Solution
If this service is not needed, disable it or filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0900
Plugin Information
Published: 2012/10/24, Modified: 2020/09/22
Plugin Output

udp/500/ike

Nessus was able to get the following IKE vendor ID(s) :
CISCO-DELETE-REASON
FLEXVPN-SUPPORTED

46215 - Inconsistent Hostname and IP Address
-
Synopsis
The remote host's hostname is not consistent with DNS information.
Description
The name of this machine either does not resolve or resolves to a different IP address.

This may come from a badly configured reverse DNS or from a host file in use on the Nessus scanning host.

As a result, URLs in plugin output may not be directly usable in a web browser and some web tests may be incomplete.
Solution
Fix the reverse DNS or host file.
Risk Factor
None
Plugin Information
Published: 2010/05/03, Modified: 2016/08/05
Plugin Output

tcp/0

The host name 'mail.wmww.com' resolves to 76.223.54.146, not to 216.37.68.121

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/22/ssh

Port 22/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/23/telnet

Port 23/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 78.030 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:37 CDT
Scan duration : 1070 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : CISCO IOS 15
CISCO IOS 12
Cisco IOS XE
CISCO PIX
Confidence level : 69
Method : SSH


The remote host is running one of these operating systems :
CISCO IOS 15
CISCO IOS 12
Cisco IOS XE
CISCO PIX
117886 - OS Security Patch Assessment Not Available
-
Synopsis
OS Security Patch Assessment is not available.
Description
OS Security Patch Assessment is not available on the remote host.
This does not necessarily indicate a problem with the scan.
Credentials may not have been provided, OS security patch assessment may not be supported for the target, the target may not have been identified, or another issue may have occurred that prevented OS security patch assessment from being available. See plugin output for details.

This plugin reports non-failure information impacting the availability of OS Security Patch Assessment. Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks Not Supported' will report concurrently with this plugin.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0515
Plugin Information
Published: 2018/10/02, Modified: 2021/07/12
Plugin Output

tcp/0


The following issues were reported :

- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 23 (17 hops away)
- 22 (17 hops away)

The operating system was identified as :

CISCO IOS 12.1
CISCO IOS 12.4

+ On the following port(s) :
- 53 (1 hops away)

The operating system was identified as :

Nutanix

70657 - SSH Algorithms and Languages Supported
-
Synopsis
An SSH server is listening on this port.
Description
This script detects which algorithms and languages are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/28, Modified: 2017/08/28
Plugin Output

tcp/22/ssh


Nessus negotiated the following encryption algorithm with the server :

The server supports the following options for kex_algorithms :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

The server supports the following options for server_host_key_algorithms :

ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc

The server supports the following options for encryption_algorithms_server_to_client :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc

The server supports the following options for mac_algorithms_client_to_server :

hmac-sha1
hmac-sha1-96

The server supports the following options for mac_algorithms_server_to_client :

hmac-sha1
hmac-sha1-96

The server supports the following options for compression_algorithms_client_to_server :

none

The server supports the following options for compression_algorithms_server_to_client :

none
149334 - SSH Password Authentication Accepted
-
Synopsis
The SSH server on the remote host accepts password authentication.
Description
The SSH server on the remote host accepts password authentication.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/05/07, Modified: 2021/05/07
Plugin Output

tcp/22/ssh

10881 - SSH Protocol Versions Supported
-
Synopsis
A SSH server is running on the remote host.
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/03/06, Modified: 2021/01/19
Plugin Output

tcp/22/ssh

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0
153588 - SSH SHA-1 HMAC Algorithms Enabled
-
Synopsis
The remote SSH server is configured to enable SHA-1 HMAC algorithms.
Description
The remote SSH server is configured to enable SHA-1 HMAC algorithms.

Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions.

Note that this plugin only checks for the options of the remote SSH server.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/09/23, Modified: 2022/04/05
Plugin Output

tcp/22/ssh


The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are supported :

hmac-sha1
hmac-sha1-96

The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are supported :

hmac-sha1
hmac-sha1-96
10267 - SSH Server Type and Version Information
-
Synopsis
An SSH server is listening on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0933
Plugin Information
Published: 1999/10/12, Modified: 2020/09/22
Plugin Output

tcp/22/ssh


SSH version : SSH-2.0-Cisco-1.25
SSH supported authentication : publickey,keyboard-interactive,password
22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/22/ssh

An SSH server is running on this port.

110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
-
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the scan policy.
Description
Nessus was not able to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote service using the provided credentials. There may have been a protocol failure that prevented authentication from being attempted or all of the provided credentials for the authentication protocol may be invalid. See plugin output for error details.

Please note the following :

- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.

- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0504
Plugin Information
Published: 2018/06/27, Modified: 2023/02/13
Plugin Output

tcp/0

SSH was detected on port 22 but no credentials were provided.
SSH local checks were not enabled.

10281 - Telnet Server Detection
-
Synopsis
A Telnet server is listening on the remote port.
Description
The remote host is running a Telnet server, a remote terminal server.
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2020/06/12
Plugin Output

tcp/23/telnet

Here is the banner from the remote Telnet server :

------------------------------ snip ------------------------------

-------------------------------------
Reynolds & Reynolds Maintained Device

Unauthorized Access is Prohibited!
-------------------------------------


User Access Verification

Username:
------------------------------ snip ------------------------------

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.121 :
192.168.100.162

An error was detected along the way.

An error was detected along the way.

An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
96.108.31.146
162.151.119.145
68.86.95.113
96.110.34.98
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.121

Hop Count: 17
216.37.68.122
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 10:43:37 2023
End time: Thu Oct 26 11:21:09 2023
Host Information
DNS Name: net-216-37-68-122.in-addr.worldspice.net
IP: 216.37.68.122
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.122 resolves as net-216-37-68-122.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.494 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:43 CDT
Scan duration : 2239 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.122 :
192.168.100.162
192.168.100.1
216.37.68.122

Hop Count: 2
216.37.68.123
0
1
4
0
33
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 10:55:46 2023
End time: Thu Oct 26 11:46:54 2023
Host Information
DNS Name: net-216-37-68-123.in-addr.worldspice.net
IP: 216.37.68.123
OS: Microsoft Windows 10
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

142960 - HSTS Missing From HTTPS Server (RFC 6797)
-
Synopsis
The remote web server is not enforcing HSTS, as defined by RFC 6797.
Description
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2020/11/17, Modified: 2023/06/08
Plugin Output

tcp/8010/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/8010/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/8010/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_10 -> Microsoft Windows 10 64-bit

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:10.0 -> Microsoft IIS

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 75

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/8010/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

43111 - HTTP Methods Allowed (per directory)
-
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/12/10, Modified: 2022/04/11
Plugin Output

tcp/80/www

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :

/
10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/80/www

The remote web server type is :

Microsoft-IIS/10.0

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.123 resolves as net-216-37-68-123.in-addr.worldspice.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :

Content-Type: text/html
Last-Modified: Mon, 09 Jul 2018 21:05:27 GMT
Accept-Ranges: bytes
ETag: "ba9fd28fc817d41:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 26 Oct 2023 16:17:32 GMT
Content-Length: 703

Response Body :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS Windows Server</title>
<style type="text/css">
<!--
body {
color:#000000;
background-color:#0072C6;
margin:0;
}

#container {
margin-left:auto;
margin-right:auto;
text-align:center;
}

a img {
border:none;
}

-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>
</div>
</body>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/8010/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Length: 4532
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'

Response Body :

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
height: 100%;
font-family: Helvetica, Arial, sans-serif;
color: #6a6a6a;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
}
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
color: #262626;
vertical-align: baseline;
margin: .2em;
border-style: solid;
border-width: 1px;
border-color: #a9a9a9;
background-color: #fff;
box-sizing: border-box;
padding: 2px .5em;
appearance: none;
border-radius: 0;
}
input:focus {
border-color: #646464;
box-shadow: 0 0 1px 0 #a2a2a2;
outline: 0;
}
button {
padding: .5em 1em;
border: 1px solid;
border-radius: 3px;
min-width: 6em;
font-weight: 400;
font-size: .8em;
cursor: pointer;
}
button.primary {
color: #fff;
background-color: rgb(47, 113, 178);
border-color: rgb(34, 103, 173);
}
.message-container {
height: 500px;
width: 600px;
padding: 0;
margin: 10px;
}
.logo {
background: url(https://net-216-37-68-123.in-addr.worldspice.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
height: 267px;
object-fit: contain;
}
table {
background-color: #fff;
border-spacing: 0;
margin: 1em;
}
table > tbody > tr > td:first-of-type:not([colspan]) {
white-space: nowrap;
color: rgba(0,0,0,.5);
}
table > tbody > tr > td:first-of-type {
vertical-align: top;
}
table > tbody > tr > td {
padding: .3em .3em;
}
.field {
display: table-row;
}
.field > :first-child {
display: table-cell;
width: 20%;
}
.field.single > :first-child {
display: inline;
}
.field > :not(:first-child) {
width: auto;
max-width: 100%;
display: inline-flex;
align-items: baseline;
virtical-align: top;
box-sizing: border-box;
margin: .3em;
}
.field > :not(:first-child) > input {
width: 230px;
}
.form-footer {
display: inline-flex;
justify-content: flex-start;
}
.form-footer > * {
margin: 1em;
}
.text-scrollable {
overflow: auto;
height: 150px;
border: 1px solid rgb(200, 200, 200);
padding: 5px;
font-size: 1em;
}
.text-centered {
text-align: center;
}
.text-container {
margin: 1em 1.5em;
}
.flex-container {
display: flex;
}
.flex-container.column {
flex-direction: column;
}
</style>
<title>Web Filter Block Override</title>
</head>
<body><div class="message-container">
<div class="logo"></div>
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
<h3>Web Filter Block Override</h3>
<p>Please contact your administrator to gain access to the web page.</p>
<div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
</div></body>
</html>

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443

Port 443/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/8010/www

Port 8010/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 77.867 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:55 CDT
Scan duration : 3059 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Microsoft Windows 10
Confidence level : 75
Method : HTTP


The remote host is running Microsoft Windows 10
31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 8010 (15 hops away)
- 443 (15 hops away)
- 80 (15 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Linux Kernel 2.6

+ On the following port(s) :
- 53 (1 hops away)

The operating system was identified as :

Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/8010/www


This port supports TLSv1.3/TLSv1.2.
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/8010/www

Subject Name:

Common Name: net-216-37-68-123.in-addr.worldspice.net

Issuer Name:

Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: Certificate Authority
Common Name: FG3H0ETB18900177
Email Address: support@fortinet.com

Serial Number: 03 17 59 21 BB 10 4F B1 C8 37

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 48 4C 21 D2 46 4B 98 4B 33 89 52 BE B6 6A EF D4 82 E7
F2 8A 49 C1 8A F9 8C 67 17 93 4F 8B 98 6F 13 0D 7F 9F F8 23
91 49 1E 97 58 B6 A7 CD D6 1E C5 15 26 B8 3A 03 BD 0C 38 CC
1B E3 77 23 76 33 1D E3 CF 80 BF 5A E4 08 FE 9F B2 22 71 68
FF E7 79 CA D2 EC FC 6E 91 7E 7B 85 BA 40 43 30 FD AF 14 14
FD 61 5D 6E 03 AD 0B 72 4A B0 4D 9F 3E 0C 4D 73 66 11 88 6F
C8 6D A3 38 05 79 2E 68 12 2D 34 B3 67 A8 C2 A2 47 FD 69 67
17 A0 BB 09 92 9C 05 13 A1 C5 C1 4B 91 23 11 8B 9D 0A E0 0C
AA E9 23 5C 49 75 2A 20 25 3A 1F F7 BE A8 26 B8 48 4B D8 30
AF 76 2C 7B C1 4D AD 00 7D 18 38 88 D1 1A 99 BA 72 B4 F6 59
14 29 79 ED A6 6E B7 F6 B7 BA 3B 1B 7C 2B 66 EE 68 98 F8 DA
4C 82 00 F0 02 28 84 47 C2 E3 35 4A 0F D9 9D 0B F3 A3 84 9E
F9 16 3E 8D 05 34 1F 17 00 DE 0B F3 ED D9 CA 81 17
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 40 8C D2 63 34 66 FC 63 A5 80 97 6D FA B8 62 52 67 69 7D
59 4B D0 D9 49 8B B4 93 95 A1 D2 72 FC 40 8A A6 B7 B7 13 7B
8E 3D F6 6B C9 9B 4F 1A 70 CB 05 9D 53 90 8B BA A9 79 D5 1C
3D 14 68 0A 02 EE 03 DA D5 BB 63 8B 53 EE 2A A2 B4 EA 86 FF
73 FA 42 05 90 C4 D5 41 4D 79 35 66 BA 7B C1 B2 44 E2 AA 59
C9 89 CD CF 59 29 13 43 5A 51 96 27 89 56 8F D5 1D C3 B0 BC
D7 40 21 10 9D BC 86 6B 61 7C B8 37 2C 53 41 AA 64 A1 DB CC
31 13 08 5C 11 DC 4C 24 E2 71 CF 10 13 F3 2D 06 55 BB E6 31
B2 DD 42 61 B9 88 0B DD 1B 2E 9E C1 2E 44 56 56 6F 1D FB FD
D7 09 6A 9A 12 20 E2 79 60 95 0F 9B EB 23 2D 63 AF D9 C8 39
A2 47 98 2B 62 1A 4D 36 DF E8 EB 48 38 90 CC 51 29 59 16 BF
CD 2D A7 CF 06 B0 50 56 8F E4 ED 76 AE 0F EC 0C FA 9B C6 85
4C 53 0E 46 4C D3 4D 62 FF 1C 1A 15 93 E9 A4 47 DA

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: net-216-37-68-123.in-addr.worldspice.net


Fingerprints :

SHA-256 Fingerprint: 1B 21 5B 34 35 77 C0 5B A4 5A 8D E1 78 E2 16 33 D6 F2 75 0B
8F 03 79 B4 6E 68 83 6A DF C1 9E DD
SHA-1 Fingerprint: 9A 41 08 F5 EE F8 C1 10 2D 5D 8D 83 8F FD 4D 91 03 3E 5F 10
MD5 Fingerprint: 58 F2 87 19 EA 76 47 7B 97 95 C0 BB D0 D2 03 6E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIDozCCAougAwIBAgIKAxdZIbsQT7HINzANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZMBcGA1UEAwwQRkczSDBFVEIxODkwMDE3NzEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwODE2MTUzNDE5WhcNMzAwODE3MTUzNDE5WjAzMTEwLwYDVQQDDChuZXQtMjE2LTM3LTY4LTEyMy5pbi1hZGRyLndvcmxkc3BpY2UubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEhMIdJGS5hLM4lSvrZq79SC5/KKScGK+YxnF5NPi5hvEw1/n/gjkUkel1i2p83WHsUVJrg6A70MOMwb43cjdjMd48+Av1rkCP6fsiJxaP/necrS7PxukX57hbpAQzD9rxQU/WFdbgOtC3JKsE2fPgxNc2YRiG/IbaM4BXkuaBItNLNnqMKiR/1pZxeguwmSnAUTocXBS5EjEYudCuAMqukjXEl1KiAlOh/3vqgmuEhL2DCvdix7wU2tAH0YOIjRGpm6crT2WRQpee2mbrf2t7o7G3wrZu5omPjaTIIA8AIohEfC4zVKD9mdC/OjhJ75Fj6NBTQfFwDeC/Pt2cqBFwIDAQABo0IwQDAJBgNVHRMEAjAAMDMGA1UdEQQsMCqCKG5ldC0yMTYtMzctNjgtMTIzLmluLWFkZHIud29ybGRzcGljZS5uZXQwDQYJKoZIhvcNAQELBQADggEBAECM0mM0ZvxjpYCXbfq4YlJnaX1ZS9DZSYu0k5Wh0nL8QIqmt7cTe4499mvJm08acMsFnVOQi7qpedUcPRRoCgLuA9rVu2OLU+4qorTqhv9z+kIFkMTVQU15NWa6e8GyROKqWcmJzc9ZKRNDWlGWJ4lWj9Udw7C810AhEJ28hmthfLg3LFNBqmSh28wxEwhcEdxMJOJxzxAT8y0GVbvmMbLdQmG5iAvdGy6ewS5EVlZvHfv91wlqmhIg4nlglQ+b6yMtY6/ZyDmiR5grYhpNNt/o60g4kMxRKVkWv80tp88GsFBWj+Ttdq4P7Az6m8aFTFMORkzTTWL/HBoVk+mkR9o=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8010/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/8010/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/8010/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/8010/www


The following root Certification Authority certificate was found :

|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Valid From : Nov 06 06:12:11 2018 GMT
|-Valid To : Nov 06 06:12:11 2028 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/8010/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/8010/www

A TLSv1.2 server answered on this port.

tcp/8010/www

A web server is running on this port through TLSv1.2.

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/8010/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.123 :
192.168.100.162

An error was detected along the way.

An error was detected along the way.

An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.117
96.110.34.102
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.123

Hop Count: 16

10386 - Web Server No 404 Error Code Check
-
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/04/28, Modified: 2022/06/17
Plugin Output

tcp/8010/www


The following string will be used :
TYPE=password

11422 - Web Server Unconfigured - Default Install Page Present
-
Synopsis
The remote web server is not configured or is improperly configured.
Description
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all or is serving content that is meant to be hidden.
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information
Published: 2003/03/20, Modified: 2018/08/15
Plugin Output

tcp/80/www


The default welcome page is from IIS.
216.37.68.124
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 11:21:09 2023
End time: Thu Oct 26 11:58:40 2023
Host Information
DNS Name: net-216-37-68-124.in-addr.worldspice.net
IP: 216.37.68.124
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.124 resolves as net-216-37-68-124.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.991 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 11:21 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.124 :
192.168.100.162
192.168.100.1
216.37.68.124

Hop Count: 2
216.37.68.125
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 11:46:54 2023
End time: Thu Oct 26 12:24:26 2023
Host Information
DNS Name: net-216-37-68-125.in-addr.worldspice.net
IP: 216.37.68.125
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.125 resolves as net-216-37-68-125.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.842 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 11:47 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.125 :
192.168.100.162
192.168.100.1
216.37.68.125

Hop Count: 2
216.37.68.126
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 11:58:40 2023
End time: Thu Oct 26 12:36:12 2023
Host Information
DNS Name: net-216-37-68-126.in-addr.worldspice.net
IP: 216.37.68.126
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.126 resolves as net-216-37-68-126.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.999 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 11:58 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.126 :
192.168.100.162
192.168.100.1
216.37.68.126

Hop Count: 2
216.37.68.127
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Thu Oct 26 12:24:26 2023
End time: Thu Oct 26 13:01:55 2023
Host Information
DNS Name: net-216-37-68-127.in-addr.worldspice.net
IP: 216.37.68.127
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


216.37.68.127 resolves as net-216-37-68-127.in-addr.worldspice.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.570 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 12:24 CDT
Scan duration : 2235 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 216.37.68.127 :
192.168.100.162
192.168.100.1
216.37.68.127

Hop Count: 2
50.206.100.145
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 15:46:17 2023
End time: Wed Oct 25 16:23:42 2023
Host Information
DNS Name: xe-1-1-10-3899-sur01.bartlett.tn.malt.comcast.net
IP: 50.206.100.145
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.206.100.145 resolves as xe-1-1-10-3899-sur01.bartlett.tn.malt.comcast.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 74.399 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 15:46 CDT
Scan duration : 2235 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.206.100.145 :
192.168.100.162
192.168.100.1
50.206.100.145

Hop Count: 2
50.206.100.146
0
1
3
0
24
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 15:46:17 2023
End time: Wed Oct 25 16:21:28 2023
Host Information
IP: 50.206.100.146
OS: FortiOS on Fortinet FortiGate
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/443/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : O=Fortinet Ltd./CN=FortiGate

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE's :

cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : firewall
Confidence level : 100

17367 - Fortinet FortiGate Web Console Management Detection
-
Synopsis
A firewall management console is running on the remote host.
Description
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.

Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
See Also
Solution
Filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2005/03/18, Modified: 2023/07/18
Plugin Output

tcp/443/www


The following instance of FortiOS Web Interface was detected on the remote host :

Version : >= 5.4
URL : https://50.206.100.146/
24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Encoding: gzip
Content-Type: text/html
ETag: b172f9cee57d8826b06dac8859adf13b
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Wed, 25 Oct 2023 21:04:45 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Response Body :

.ã.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 59.572 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 15:46 CDT
Scan duration : 2101 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML


The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 443 (7 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

+ On the following port(s) :
- 53 (1 hops away)

The operating system was identified as :

Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.3/TLSv1.2.
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Issuer Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Serial Number: 0E 0B 76 CE 07 EB 8C 0F

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jul 31 20:32:56 2022 GMT
Not Valid After: Jul 31 20:32:56 2032 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 E2 65 7C 22 BD 9D C2 5F F2 8F AC 96 FC 88 68 5E 41 53 85
B6 A1 50 C9 00 A4 09 E4 86 82 36 89 CA F8 6D 2F 1A 01 85 6F
B4 94 5A A8 6B 35 E7 42 68 2A 35 90 9B A9 0E 6B 96 0D ED 50
B1 D3 49 69 09 8C 59 F1 29 38 F7 84 F0 F5 D0 01 B6 57 CE 09
F9 66 C3 FD EA 7D E0 03 3C D7 E8 B3 8C A5 BD 86 B0 32 32 55
1F B2 E3 15 46 48 17 82 51 43 2E AF C2 4D AF 02 04 2D 0C 6E
2D 67 23 31 D0 8C D5 11 22 95 3B A5 50 5A 46 CC 43 87 59 A5
AB 2B 4E B2 60 DA 86 4E 58 0D 98 B2 07 4E 9C BD 6D C3 1D FB
09 15 1D 81 46 B1 96 C3 A1 C4 6D 10 F5 A4 4A 2B D6 B5 22 45
42 04 BD CB 2F B5 54 A7 4B 81 C9 5F 54 CA 3C A0 C7 22 35 31
9A D6 63 1E D9 3E FA E1 D3 F8 4B D6 C8 8D 32 BE 81 15 BA B0
E2 23 16 CF 12 22 CF F7 FA 76 1A FA 9E B2 FC 7C 04 1E 47 FF
96 01 A8 A3 35 57 B8 17 DD E3 1B 27 CF 49 F5 F4 0D
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 5F A1 1F AE 87 17 C6 F4 2A F1 C8 23 E2 17 18 AC E1 21 56
77 68 4D 07 2D 46 06 B6 12 A0 9B 99 A9 E7 8A 2E 50 1A C0 EE
F7 F3 3A B2 A4 69 97 6E 7C 09 81 0A 3C 26 8C 92 5F 94 DD 96
BB C5 C4 E5 AA 99 F0 A6 57 07 33 77 48 19 7A 49 53 F8 73 5A
72 F8 7B ED B9 8C 8F 3D 72 29 51 63 EC 86 64 50 38 D4 39 5B
2A 50 C3 EB 5A 45 3C 0B 02 7F 22 5A FD 26 90 CE CF 7D 7D F4
9E 8D A6 9B 31 45 60 46 50 7E D8 3F 11 0B 50 50 4B 34 70 A9
E7 A3 49 FF 51 F1 B8 2D 7D 28 47 1C C9 01 7A 5A 80 E0 CF 1A
79 FF 19 92 3E 23 9E 14 3A 02 76 77 0E A9 24 3F 08 21 4F 4A
48 D4 99 0C 19 1D B7 E5 22 27 68 DA 53 FD EC 08 FD C5 35 0F
F1 29 3C 54 67 6E ED 82 59 F5 C9 DD AC 51 E3 15 D5 58 FE 41
47 CD 7D 74 D3 28 D3 B2 26 44 C6 BD 04 7A 6B 28 99 A9 E9 C3
F8 FF 15 74 97 D2 11 27 B2 73 13 36 77 F7 47 9F C3

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Fingerprints :

SHA-256 Fingerprint: FA 06 05 28 C7 73 C1 89 05 06 0E 24 FC 91 41 F3 3B F8 39 C9
07 35 DB D5 59 A3 2F 41 A3 6D E1 0D
SHA-1 Fingerprint: D6 D3 9A E4 08 23 3E 36 8A 19 AE 15 7E 76 8C 5D C6 B2 00 92
MD5 Fingerprint: C8 46 D5 D6 CB 67 5C D9 F6 D4 2F 03 55 FC 00 58


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIC5zCCAc+gAwIBAgIIDgt2zgfrjA8wDQYJKoZIhvcNAQELBQAwLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMB4XDTIyMDczMTIwMzI1NloXDTMyMDczMTIwMzI1NlowLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mV8Ir2dwl/yj6yW/IhoXkFThbahUMkApAnkhoI2icr4bS8aAYVvtJRaqGs150JoKjWQm6kOa5YN7VCx00lpCYxZ8Sk494Tw9dABtlfOCflmw/3qfeADPNfos4ylvYawMjJVH7LjFUZIF4JRQy6vwk2vAgQtDG4tZyMx0IzVESKVO6VQWkbMQ4dZpasrTrJg2oZOWA2YsgdOnL1twx37CRUdgUaxlsOhxG0Q9aRKK9a1IkVCBL3LL7VUp0uByV9UyjygxyI1MZrWYx7ZPvrh0/hL1siNMr6BFbqw4iMWzxIiz/f6dhr6nrL8fAQeR/+WAaijNVe4F93jGyfPSfX0DQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBfoR+uhxfG9CrxyCPiFxis4SFWd2hNBy1GBrYSoJuZqeeKLlAawO738zqypGmXbnwJgQo8JoySX5TdlrvFxOWqmfCmVwczd0gZeklT+HNacvh77bmMjz1yKVFj7IZkUDjUOVsqUMPrWkU8CwJ/Ilr9JpDOz3199J6NppsxRWBGUH7YPxELUFBLNHCp56NJ/1HxuC19KEccyQF6WoDgzxp5/xmSPiOeFDoCdncOqSQ/CCFPSkjUmQwZHbflIido2lP97Aj9xTUP8Sk8VGdu7YJZ9cndrFHjFdVY/kFHzX100yjTsiZExr0Eemsomanpw/j/FXSX0hEnsnMTNnf3R5/D
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/443/www


The STS header line is :

Strict-Transport-Security: max-age=15552000

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.206.100.146 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.86.240.134
162.151.118.254
50.206.100.146

Hop Count: 8

100669 - Web Application Cookies Are Expired
-
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.

If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Published: 2017/06/07, Modified: 2021/12/20
Plugin Output

tcp/443/www


The following cookies are expired :

Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :
50.206.100.147
0
1
1
0
8
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 16:21:28 2023
End time: Wed Oct 25 16:58:35 2023
Host Information
IP: 50.206.100.147
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.087 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 16:21 CDT
Scan duration : 2213 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.206.100.147 :
192.168.100.162
192.168.100.1
50.206.100.147

Hop Count: 2
50.206.100.148
0
1
1
0
8
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 16:23:42 2023
End time: Wed Oct 25 17:00:48 2023
Host Information
IP: 50.206.100.148
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.283 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 16:23 CDT
Scan duration : 2213 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.206.100.148 :
192.168.100.162
192.168.100.1
50.206.100.148

Hop Count: 2
50.206.100.149
0
1
1
0
8
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 16:58:35 2023
End time: Wed Oct 25 17:35:42 2023
Host Information
IP: 50.206.100.149
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.859 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 16:58 CDT
Scan duration : 2213 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.206.100.149 :
192.168.100.162
192.168.100.1
50.206.100.149

Hop Count: 2
50.206.100.150
0
1
1
0
8
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 17:00:48 2023
End time: Wed Oct 25 17:37:55 2023
Host Information
IP: 50.206.100.150
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.462 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 17:01 CDT
Scan duration : 2213 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.206.100.150 :
192.168.100.162
192.168.100.1
50.206.100.150

Hop Count: 2
50.246.153.193
0
1
3
0
26
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 17:35:42 2023
End time: Wed Oct 25 18:12:33 2023
Host Information
DNS Name: 50-246-153-193-static.hfc.comcastbusiness.net
IP: 50.246.153.193
OS: FortiOS on Fortinet FortiGate
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/443/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : O=Fortinet Ltd./CN=FortiGate

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE's :

cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : firewall
Confidence level : 100

17367 - Fortinet FortiGate Web Console Management Detection
-
Synopsis
A firewall management console is running on the remote host.
Description
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.

Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
See Also
Solution
Filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2005/03/18, Modified: 2023/07/18
Plugin Output

tcp/443/www


The following instance of FortiOS Web Interface was detected on the remote host :

Version : >= 5.4
URL : https://50-246-153-193-static.hfc.comcastbusiness.net/

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.246.153.193 resolves as 50-246-153-193-static.hfc.comcastbusiness.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Encoding: gzip
Content-Type: text/html
ETag: 89e3321d7f1087cc067df54b0bf85dd6
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Wed, 25 Oct 2023 22:55:06 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Response Body :

...

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 72.453 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 17:35 CDT
Scan duration : 2201 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML


The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 443 (9 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

+ On the following port(s) :
- 53 (1 hops away)

The operating system was identified as :

Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

50-246-153-193-static.hfc.comcastbusiness.net

The Common Name in the certificate is :

fortigate
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Issuer Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Serial Number: 44 24 A4 22

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jul 31 18:15:29 2022 GMT
Not Valid After: Jul 31 18:15:29 2032 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D4 CD 6F BD 0D 4E 73 6F BE 1A 14 4D EB 5D C1 F0 E9 09 58
AE 54 D6 1F E3 11 5E 1C 0B 55 79 0B 63 41 DB 7C 9B A8 81 5F
58 7F 3F 8D BD 48 56 D5 CE 56 6E 50 8D 99 A4 B8 A5 80 79 8F
7B CD CB 88 68 B7 5E E2 74 4B 7F FC 58 6E C8 F6 14 82 63 01
4B 7A 71 6F 16 85 C6 BB 45 1C 1A D5 90 40 E1 B9 6A 01 18 D4
43 A8 84 78 66 55 EF 36 4E 27 39 6E EC F1 CC 18 23 9F 4D 6B
E8 28 45 A8 7C 90 33 E3 47 9D 31 7F BC 2B 2A 81 69 88 3A 35
13 0C 6F 5C 1B 6D 40 3B 1F 42 F2 13 CD 2B A4 1F AF C5 6E 16
61 E6 F6 DA 3C 4D A7 45 2B 92 3F A8 96 F9 80 95 5A CA 58 AC
05 44 7F 64 48 2C DC F4 44 FC EB A1 F5 8C 48 26 63 15 5E 19
68 5D A3 18 30 18 2E 86 7D 47 F0 B2 A8 DC 0A 6C EC E2 D4 36
03 65 80 43 30 F9 B2 4F A7 3D FF 43 C3 25 D9 CB B0 7C AC F4
09 C2 2B 27 51 4F EB 81 4A E0 5F A0 98 86 3F B8 3B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 C0 1D 52 3F B3 72 F3 88 E9 1A 28 8D 63 CF 28 81 62 31 79
FB 36 94 30 D0 7F 71 B3 5C 51 92 CB 0B D3 6F 87 31 8C AB D5
57 6C 74 6F B6 9E 8D 8D 14 46 48 1D C4 19 F3 8B DC 6B 03 D8
6D FD B0 91 D7 3C 4C 0C 5E 43 DA 30 F7 C4 57 12 54 4E C5 40
A4 A0 33 36 BA 27 15 69 D0 77 8A F0 EF AB D2 77 FF CF 4D 03
FC 74 DA C5 3F 11 43 F4 7A 9D 8C 52 09 15 51 EF 86 D6 06 93
3D 33 91 94 2F A7 A6 C6 04 5F 08 BA C1 A2 82 0F 7D E1 2F 4E
06 75 4D 4C 7E 2D C0 85 5B 8C 56 2F BB 00 39 61 E5 AC 92 94
3A 92 FE B8 53 B7 0B 55 28 65 87 81 C3 E2 6B 3F 03 A4 51 13
44 B5 61 D5 4C AF 1C BB D9 29 9B D2 4B 18 EE 1C 5F 1B 39 7F
8C A1 91 B0 52 94 37 BA 1F A9 DA 03 10 6F 5C 7C A6 CB C1 D5
47 A8 35 7C A6 FE 03 13 92 2D 07 D0 D0 F7 51 53 4A 57 F1 B4
FA C7 34 92 EB 38 76 04 24 24 65 56 E6 98 D1 1F C0

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Fingerprints :

SHA-256 Fingerprint: 9B BB C5 7D 03 D1 91 A8 54 45 16 D7 B5 89 24 F9 D9 2D C3 0B
F3 A3 DF 31 92 43 29 F6 FA 6F 6C 58
SHA-1 Fingerprint: 1C 9C 31 DC 08 4C 01 84 C0 15 A2 77 A4 56 AB 5C 36 74 F5 16
MD5 Fingerprint: 8C C4 D6 A8 1B 3A 80 68 A9 FA 16 D3 2B 28 96 38


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIC4zCCAcugAwIBAgIERCSkIjANBgkqhkiG9w0BAQsFADAsMRYwFAYDVQQKDA1Gb3J0aW5ldCBMdGQuMRIwEAYDVQQDDAlGb3J0aUdhdGUwHhcNMjIwNzMxMTgxNTI5WhcNMzIwNzMxMTgxNTI5WjAsMRYwFAYDVQQKDA1Gb3J0aW5ldCBMdGQuMRIwEAYDVQQDDAlGb3J0aUdhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUzW+9DU5zb74aFE3rXcHw6QlYrlTWH+MRXhwLVXkLY0HbfJuogV9Yfz+NvUhW1c5WblCNmaS4pYB5j3vNy4hot17idEt//FhuyPYUgmMBS3pxbxaFxrtFHBrVkEDhuWoBGNRDqIR4ZlXvNk4nOW7s8cwYI59Na+goRah8kDPjR50xf7wrKoFpiDo1EwxvXBttQDsfQvITzSukH6/FbhZh5vbaPE2nRSuSP6iW+YCVWspYrAVEf2RILNz0RPzrofWMSCZjFV4ZaF2jGDAYLoZ9R/CyqNwKbOzi1DYDZYBDMPmyT6c9/0PDJdnLsHys9AnCKydRT+uBSuBfoJiGP7g7AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAMAdUj+zcvOI6RoojWPPKIFiMXn7NpQw0H9xs1xRkssL02+HMYyr1VdsdG+2no2NFEZIHcQZ84vcawPYbf2wkdc8TAxeQ9ow98RXElROxUCkoDM2uicVadB3ivDvq9J3/89NA/x02sU/EUP0ep2MUgkVUe+G1gaTPTORlC+npsYEXwi6waKCD33hL04GdU1Mfi3AhVuMVi+7ADlh5aySlDqS/rhTtwtVKGWHgcPiaz8DpFETRLVh1UyvHLvZKZvSSxjuHF8bOX+MoZGwUpQ3uh+p2gMQb1x8psvB1UeoNXym/gMTki0H0ND3UVNKV/G0+sc0kus4dgQkJGVW5pjRH8A=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/443/www


The STS header line is :

Strict-Transport-Security: max-age=15552000

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.246.153.193 :
192.168.100.162
192.168.100.1
50.246.153.193

Hop Count: 2

100669 - Web Application Cookies Are Expired
-
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.

If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Published: 2017/06/07, Modified: 2021/12/20
Plugin Output

tcp/443/www


The following cookies are expired :

Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :
50.246.153.194
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 17:37:55 2023
End time: Wed Oct 25 18:01:07 2023
Host Information
DNS Name: 50-246-153-194-static.hfc.comcastbusiness.net
IP: 50.246.153.194
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.246.153.194 resolves as 50-246-153-194-static.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.257 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 17:38 CDT
Scan duration : 1379 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.246.153.194 :
192.168.100.162
192.168.100.1
50.246.153.194

Hop Count: 2
50.246.153.195
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 18:01:07 2023
End time: Wed Oct 25 18:24:59 2023
Host Information
DNS Name: 50-246-153-195-static.hfc.comcastbusiness.net
IP: 50.246.153.195
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.246.153.195 resolves as 50-246-153-195-static.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.422 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:01 CDT
Scan duration : 1419 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.246.153.195 :
192.168.100.162
192.168.100.1
50.246.153.195

Hop Count: 2
50.246.153.196
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 18:12:33 2023
End time: Wed Oct 25 18:36:51 2023
Host Information
DNS Name: 50-246-153-196-static.hfc.comcastbusiness.net
IP: 50.246.153.196
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.246.153.196 resolves as 50-246-153-196-static.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.357 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:12 CDT
Scan duration : 1445 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.246.153.196 :
192.168.100.162
192.168.100.1
50.246.153.196

Hop Count: 2
50.246.153.197
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 18:24:59 2023
End time: Wed Oct 25 18:49:11 2023
Host Information
DNS Name: 50-246-153-197-static.hfc.comcastbusiness.net
IP: 50.246.153.197
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.246.153.197 resolves as 50-246-153-197-static.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.736 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:25 CDT
Scan duration : 1439 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.246.153.197 :
192.168.100.162
192.168.100.1
50.246.153.197

Hop Count: 2
50.246.153.198
0
1
2
0
27
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 18:36:51 2023
End time: Wed Oct 25 19:15:19 2023
Host Information
DNS Name: 50-246-153-198-static.hfc.comcastbusiness.net
IP: 50.246.153.198
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2001/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2001/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.246.153.198 resolves as 50-246-153-198-static.hfc.comcastbusiness.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2001/www


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Wed, 25 Oct 2023 23:54:29 GMT
Content-Length: 21
Connection: close

Response Body :

authorization failed

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/555

Port 555/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2001/www

Port 2001/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 55.249 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:37 CDT
Scan duration : 2299 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2001/www


This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2001/www


The host name known by Nessus is :

50-246-153-198-static.hfc.comcastbusiness.net

The Common Name in the certificate is :

*.l.home.camect.com

The Subject Alternate Name in the certificate is :

*.l.home.camect.com
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2001/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2001/www


The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :

Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2001/www

Subject Name:

Common Name: *.l.home.camect.com

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73


Fingerprints :

SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/2001/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2001/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2001/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2001/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/2001/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2001/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2001/www

A TLSv1.2 server answered on this port.

tcp/2001/www

A web server is running on this port through TLSv1.2.

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2001/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.246.153.198 :
192.168.100.162
192.168.100.1
50.246.153.198

Hop Count: 2
50.255.85.97
0
1
3
0
26
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 18:49:11 2023
End time: Wed Oct 25 19:25:57 2023
Host Information
DNS Name: 50-255-85-97-static.hfc.comcastbusiness.net
IP: 50.255.85.97
OS: FortiOS on Fortinet FortiGate
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/443/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : O=Fortinet Ltd./CN=FortiGate

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE's :

cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : firewall
Confidence level : 100

17367 - Fortinet FortiGate Web Console Management Detection
-
Synopsis
A firewall management console is running on the remote host.
Description
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.

Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
See Also
Solution
Filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2005/03/18, Modified: 2023/07/18
Plugin Output

tcp/443/www


The following instance of FortiOS Web Interface was detected on the remote host :

Version : >= 5.4
URL : https://50-255-85-97-static.hfc.comcastbusiness.net/

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.255.85.97 resolves as 50-255-85-97-static.hfc.comcastbusiness.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Encoding: gzip
Content-Type: text/html
ETag: 89e3321d7f1087cc067df54b0bf85dd6
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Thu, 26 Oct 2023 00:08:40 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Response Body :

...

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 56.732 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:49 CDT
Scan duration : 2196 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML


The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 443 (10 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

+ On the following port(s) :
- 53 (1 hops away)

The operating system was identified as :

Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

50-255-85-97-static.hfc.comcastbusiness.net

The Common Name in the certificate is :

fortigate
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Issuer Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Serial Number: 47 E0 E6 C2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jul 31 21:14:46 2022 GMT
Not Valid After: Jul 31 21:14:46 2032 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D3 27 BE 0D 90 43 55 A8 77 17 B6 E5 C3 47 DD ED 2B BD FF
33 DA 09 82 D1 74 22 4D BA 9B C9 02 3E 63 C3 C3 12 74 40 35
29 C7 12 93 07 51 D1 AF F5 0B 4B A4 AA 14 7B 68 19 49 77 AA
39 2F 8C 53 06 3B E7 2D 38 FC D9 48 31 2A 3E 49 8C 4D 9F C7
6B EA BB 9F AC EC F2 D5 84 E0 F5 7F 97 D7 3B B9 C0 85 A5 E5
EE EB BC FF 39 97 A8 7D 87 18 5A 93 59 9E FD A2 3A 8D 0E A8
13 37 C5 1F F2 AA E4 34 38 12 B7 C0 B9 3C 2F 9D 6E 2A A6 D0
9F 84 22 E1 67 D7 A7 88 CC FC 6C 20 86 75 C4 5F A0 D0 CD EE
99 89 23 95 F8 F4 CD CF 50 DB 8C FA 06 63 DA AE 6B 0C F0 C8
7E CC 18 6C 49 05 00 C7 A5 12 F3 26 BE E0 A6 A9 6A 8A 64 25
26 46 B8 64 F5 53 4A EA 21 CD 69 0B 0C 99 F5 7B 83 86 B3 39
2D B9 89 5F 24 F6 F1 05 D9 24 45 91 62 C4 47 CC 77 EF FB 5A
5C 31 C4 F3 38 7E EF 15 AD 2C 18 AC 74 8B 9F 51 8D
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 81 94 BA 40 14 A9 D6 B6 58 55 AD E1 43 62 9A 36 12 6A 50
E4 FB 15 10 55 D4 6E 12 29 87 12 91 76 8A 83 26 F5 CF 38 EC
04 1C A8 9B 00 B5 12 C4 76 2B 49 E4 6E B0 A3 DB 3C DB 59 83
BD 1A F8 13 B6 9C FD 6E B0 F2 A4 FC CE 8D 82 05 AC 41 5C 57
2F C7 5A E6 9A 00 38 C2 02 A0 9D A6 B8 2E 8D 0F A8 1F 2F 27
2C 04 7B B9 CD 3D 54 E1 59 9A A0 F0 31 80 1E 18 D4 60 A3 45
B4 43 20 D9 96 E2 52 0B 15 D2 62 F1 83 53 F8 07 5E E2 7A B6
F1 02 74 39 B8 90 6E AF 06 BA CB 44 61 3D 92 83 6A 45 34 E8
B6 49 7A 26 39 6B 7D F2 F3 FE 1A C8 E4 54 54 1D 2A F9 A6 DE
F3 ED 89 98 47 D7 47 E1 FC FC B7 1F 58 54 AA E3 A8 30 13 25
1E 67 5C 64 C4 4D A1 93 FF BE 36 0E A6 08 5B 76 33 AE 6B 54
5E B1 B1 E4 76 5C 0C 13 6C 21 93 1B D9 B6 1D 13 5A C0 C0 D0
FF B3 11 69 6A B1 B4 80 5C 94 39 4D EC 06 CF 16 DD

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Fingerprints :

SHA-256 Fingerprint: 94 4C 64 7D AF 71 F7 6C CA 37 E5 91 60 AB BE E6 AB FE AF 46
E5 E9 17 5C 47 EF F4 D3 2B D7 2C 97
SHA-1 Fingerprint: D3 6D 10 72 47 38 93 C0 BE 90 86 DA 9F B4 81 F2 E7 06 F5 00
MD5 Fingerprint: 4A 68 C9 19 CC 29 D2 FE FA CC 90 0B 26 EF FA 97


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIC4zCCAcugAwIBAgIER+DmwjANBgkqhkiG9w0BAQsFADAsMRYwFAYDVQQKDA1Gb3J0aW5ldCBMdGQuMRIwEAYDVQQDDAlGb3J0aUdhdGUwHhcNMjIwNzMxMjExNDQ2WhcNMzIwNzMxMjExNDQ2WjAsMRYwFAYDVQQKDA1Gb3J0aW5ldCBMdGQuMRIwEAYDVQQDDAlGb3J0aUdhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTJ74NkENVqHcXtuXDR93tK73/M9oJgtF0Ik26m8kCPmPDwxJ0QDUpxxKTB1HRr/ULS6SqFHtoGUl3qjkvjFMGO+ctOPzZSDEqPkmMTZ/Ha+q7n6zs8tWE4PV/l9c7ucCFpeXu67z/OZeofYcYWpNZnv2iOo0OqBM3xR/yquQ0OBK3wLk8L51uKqbQn4Qi4WfXp4jM/GwghnXEX6DQze6ZiSOV+PTNz1DbjPoGY9quawzwyH7MGGxJBQDHpRLzJr7gpqlqimQlJka4ZPVTSuohzWkLDJn1e4OGszktuYlfJPbxBdkkRZFixEfMd+/7WlwxxPM4fu8VrSwYrHSLn1GNAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAIGUukAUqda2WFWt4UNimjYSalDk+xUQVdRuEimHEpF2ioMm9c847AQcqJsAtRLEditJ5G6wo9s821mDvRr4E7ac/W6w8qT8zo2CBaxBXFcvx1rmmgA4wgKgnaa4Lo0PqB8vJywEe7nNPVThWZqg8DGAHhjUYKNFtEMg2ZbiUgsV0mLxg1P4B17ierbxAnQ5uJBurwa6y0RhPZKDakU06LZJeiY5a33y8/4ayORUVB0q+abe8+2JmEfXR+H8/LcfWFSq46gwEyUeZ1xkxE2hk/++Ng6mCFt2M65rVF6xseR2XAwTbCGTG9m2HRNawMDQ/7MRaWqxtIBclDlN7AbPFt0=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/443/www


The STS header line is :

Strict-Transport-Security: max-age=15552000

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.255.85.97 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.85.203.10
96.108.30.22
96.110.140.106
73.2.206.83
50.255.85.97

Hop Count: 10

100669 - Web Application Cookies Are Expired
-
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.

If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Published: 2017/06/07, Modified: 2021/12/20
Plugin Output

tcp/443/www


The following cookies are expired :

Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :
50.255.85.98
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 19:15:19 2023
End time: Wed Oct 25 19:38:59 2023
Host Information
DNS Name: 50-255-85-98-static.hfc.comcastbusiness.net
IP: 50.255.85.98
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.255.85.98 resolves as 50-255-85-98-static.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.931 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 19:15 CDT
Scan duration : 1407 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.255.85.98 :
192.168.100.162
192.168.100.1
50.255.85.98

Hop Count: 2
50.255.85.99
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 19:25:57 2023
End time: Wed Oct 25 19:50:18 2023
Host Information
DNS Name: 50-255-85-99-static.hfc.comcastbusiness.net
IP: 50.255.85.99
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.255.85.99 resolves as 50-255-85-99-static.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.745 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 19:26 CDT
Scan duration : 1448 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.255.85.99 :
192.168.100.162
192.168.100.1
50.255.85.99

Hop Count: 2
50.255.85.100
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 19:38:59 2023
End time: Wed Oct 25 20:03:13 2023
Host Information
DNS Name: 50-255-85-100-static.hfc.comcastbusiness.net
IP: 50.255.85.100
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.255.85.100 resolves as 50-255-85-100-static.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.271 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 19:39 CDT
Scan duration : 1441 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.255.85.100 :
192.168.100.162
192.168.100.1
50.255.85.100

Hop Count: 2
50.255.85.101
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 19:50:18 2023
End time: Wed Oct 25 20:14:20 2023
Host Information
DNS Name: 50-255-85-101-static.hfc.comcastbusiness.net
IP: 50.255.85.101
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.255.85.101 resolves as 50-255-85-101-static.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.681 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 19:50 CDT
Scan duration : 1429 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.255.85.101 :
192.168.100.162
192.168.100.1
50.255.85.101

Hop Count: 2
50.255.85.102
0
1
2
0
27
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 20:03:13 2023
End time: Wed Oct 25 20:41:59 2023
Host Information
DNS Name: 50-255-85-102-static.hfc.comcastbusiness.net
IP: 50.255.85.102
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2001/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2001/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


50.255.85.102 resolves as 50-255-85-102-static.hfc.comcastbusiness.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2001/www


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 01:20:55 GMT
Content-Length: 21
Connection: close

Response Body :

authorization failed

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/555

Port 555/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2001/www

Port 2001/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 77.135 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 20:03 CDT
Scan duration : 2316 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2001/www


This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2001/www


The host name known by Nessus is :

50-255-85-102-static.hfc.comcastbusiness.net

The Common Name in the certificate is :

*.l.home.camect.com

The Subject Alternate Name in the certificate is :

*.l.home.camect.com
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2001/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2001/www


The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :

Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2001/www

Subject Name:

Common Name: *.l.home.camect.com

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73


Fingerprints :

SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/2001/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2001/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2001/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2001/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/2001/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2001/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2001/www

A TLSv1.2 server answered on this port.

tcp/2001/www

A web server is running on this port through TLSv1.2.

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2001/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 50.255.85.102 :
192.168.100.162
192.168.100.1
50.255.85.102

Hop Count: 2
64.139.87.41
0
1
3
0
32
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 20:14:20 2023
End time: Wed Oct 25 20:57:28 2023
Host Information
DNS Name: 64-139-87-41-Hattiesburg.hfc.comcastbusiness.net
IP: 64.139.87.41
OS: FortiOS on Fortinet FortiGate
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/443/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : O=Fortinet Ltd./CN=FortiGate

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2023/10/16
Plugin Output

tcp/0


The remote operating system matched the following CPE's :

cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : firewall
Confidence level : 100

17367 - Fortinet FortiGate Web Console Management Detection
-
Synopsis
A firewall management console is running on the remote host.
Description
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.

Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
See Also
Solution
Filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2005/03/18, Modified: 2023/07/18
Plugin Output

tcp/443/www


The following instance of FortiOS Web Interface was detected on the remote host :

Version : >= 5.4
URL : https://64-139-87-41-Hattiesburg.hfc.comcastbusiness.net/

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


64.139.87.41 resolves as 64-139-87-41-Hattiesburg.hfc.comcastbusiness.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
location: https://64-139-87-41-Hattiesburg.hfc.comcastbusiness.net:443/
Date: Thu, 26 Oct 2023 01:34:08 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Encoding: gzip
Content-Type: text/html
ETag: 3d9d521f61a853f8ef09c629fd5d0485
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Thu, 26 Oct 2023 01:34:09 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Response Body :

.‹.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 63.618 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 20:14 CDT
Scan duration : 2578 sec
Scan for malware : no

42823 - Non-compliant Strict Transport Security (STS)
-
Synopsis
The remote web server implements Strict Transport Security incorrectly.
Description
The remote web server implements Strict Transport Security. However, it does not respect all the requirements of the STS draft standard.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2014/09/19
Plugin Output

tcp/80/www


The Strict-Transport-Security header must not be sent over an
unencrypted channel.

11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML


The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Published: 2008/03/12, Modified: 2022/04/11
Plugin Output

tcp/0

+ On the following port(s) :
- 443 (10 hops away)
- 80 (10 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

+ On the following port(s) :
- 53 (1 hops away)

The operating system was identified as :

Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443/www


This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

64-139-87-41-hattiesburg.hfc.comcastbusiness.net

The Common Name in the certificate is :

fortigate
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Issuer Name:

Organization: Fortinet Ltd.
Common Name: FortiGate

Serial Number: 36 0F 6C B0 48 0B 5C D4

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Feb 24 19:07:21 2022 GMT
Not Valid After: Feb 25 19:07:21 2032 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C1 72 0A 3D 2E 24 30 E5 BA 5A 20 B4 B0 6B D2 E3 8E 45 86
3F 0C CB 66 AB 4A B1 EA 97 75 9E 27 C6 3A 70 7D 76 68 B7 BF
0A C7 34 A0 69 E4 08 3A A7 4A 61 FC E2 DF 39 15 F7 A7 E8 DA
36 CF 78 94 89 56 F4 68 AF B3 DA 07 4A C8 3A 19 F4 DD E3 E2
25 D8 A1 FA 14 84 41 44 55 BD 71 08 7C 93 03 09 5B B0 99 4D
35 BF B4 F3 28 9D 7C 31 45 F7 9E 17 D1 CA B9 86 B6 F7 EB B4
6B 10 C7 54 F1 70 1C 63 0D DF 2D 17 61 6E F7 91 B0 94 3F A6
3B A0 64 21 DC 85 AD 3B 12 90 97 8E F7 5B 18 5B C4 47 23 0F
33 E9 58 95 85 12 E3 35 B8 31 C7 40 0A 15 25 D7 2C 0C BB 2E
DE A6 44 4A 79 98 40 ED 08 4D 53 C9 1E 16 EB 8E 45 63 D8 32
2A 2D 48 68 6B 51 31 EE 62 C4 6B CA 61 CA FF 20 E3 DD 01 F7
1C 7C F6 B2 1B 6C F3 5F E1 1D D6 A3 8F 11 17 E1 66 1E 36 96
4F F3 1C F6 82 5D 25 64 4A F3 B1 74 D3 4A 7A 4B 61
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 3A 42 C2 A3 30 83 9C 57 64 2C DD 47 7F DB 8A 97 97 2F 7C
CA 87 34 37 64 BD 9D 5E 3D 31 03 27 7F AE 38 D2 E3 5A 84 C7
BB F2 72 A0 1A 2F 22 D0 63 20 3D 02 99 46 37 A7 11 EE 7C C2
E0 EF C8 81 D6 7E 2C 14 B0 7A 7B E7 30 CB 28 36 E7 B0 24 F5
02 18 D2 D8 BB E6 57 14 DB 6C 43 96 37 95 E3 FD 9C A7 5F DC
C1 D4 9D 97 30 09 B8 36 C3 CA D2 88 53 58 41 48 8C D7 D9 C1
CA 33 10 E4 E5 05 6B 2A 6D 85 C5 9D 05 E7 8F DA 35 41 83 58
BA 08 1F 04 7F 5B 1D A3 63 17 63 6B 23 F7 6F 56 A0 66 13 21
A5 AA 44 0B E9 D2 36 50 8D 7E BB 24 EA D3 4E 4E ED 6A E9 B6
53 38 4F 57 C6 0B 8F 08 D4 93 35 CB A3 11 26 17 D7 C6 01 A5
5F DA EE 83 54 E4 1F 46 8F F0 C9 FC 5A 8A C3 5F CC B7 13 C5
9A 8A 34 0F BE E0 BB 77 AB 02 98 02 40 BB 7E 22 35 10 E6 AF
21 0E 58 E0 D5 CF C8 E4 A0 3C 54 34 95 AD 69 8E 51

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Fingerprints :

SHA-256 Fingerprint: 16 BF 4F 98 C2 AD B1 0C 39 A1 33 80 66 D0 1F 32 61 C5 22 89
C2 92 D2 B2 A7 A7 AA 4B 1C 95 66 D6
SHA-1 Fingerprint: 83 E7 18 1A 3E D0 93 ED 7D 80 38 59 DE 81 D5 E7 B6 C8 1B 1F
MD5 Fingerprint: EB 5D D5 84 A3 80 2E 79 30 F3 8B 8B 1D 41 F7 88


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIC5zCCAc+gAwIBAgIINg9ssEgLXNQwDQYJKoZIhvcNAQELBQAwLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMB4XDTIyMDIyNDE5MDcyMVoXDTMyMDIyNTE5MDcyMVowLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXIKPS4kMOW6WiC0sGvS445Fhj8My2arSrHql3WeJ8Y6cH12aLe/Csc0oGnkCDqnSmH84t85Ffen6No2z3iUiVb0aK+z2gdKyDoZ9N3j4iXYofoUhEFEVb1xCHyTAwlbsJlNNb+08yidfDFF954X0cq5hrb367RrEMdU8XAcYw3fLRdhbveRsJQ/pjugZCHcha07EpCXjvdbGFvERyMPM+lYlYUS4zW4McdAChUl1ywMuy7epkRKeZhA7QhNU8keFuuORWPYMiotSGhrUTHuYsRrymHK/yDj3QH3HHz2shts81/hHdajjxEX4WYeNpZP8xz2gl0lZErzsXTTSnpLYQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA6QsKjMIOcV2Qs3Ud/24qXly98yoc0N2S9nV49MQMnf6440uNahMe78nKgGi8i0GMgPQKZRjenEe58wuDvyIHWfiwUsHp75zDLKDbnsCT1AhjS2LvmVxTbbEOWN5Xj/ZynX9zB1J2XMAm4NsPK0ohTWEFIjNfZwcozEOTlBWsqbYXFnQXnj9o1QYNYuggfBH9bHaNjF2NrI/dvVqBmEyGlqkQL6dI2UI1+uyTq005O7WrptlM4T1fGC48I1JM1y6MRJhfXxgGlX9rug1TkH0aP8Mn8WorDX8y3E8WaijQPvuC7d6sCmAJAu34iNRDmryEOWODVz8jkoDxUNJWtaY5R
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.

42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/80/www


The STS header line is :

Strict-Transport-Security: max-age=15552000

42822 - Strict Transport Security (STS) Detection
-
Synopsis
The remote web server implements Strict Transport Security.
Description
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/16, Modified: 2019/11/22
Plugin Output

tcp/443/www


The STS header line is :

Strict-Transport-Security: max-age=15552000

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 64.139.87.41 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.86.240.134
68.86.241.106
96.110.133.118
75.64.4.148
64.139.87.41

Hop Count: 10

100669 - Web Application Cookies Are Expired
-
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.

If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Published: 2017/06/07, Modified: 2021/12/20
Plugin Output

tcp/80/www


The following cookies are expired :

Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :

100669 - Web Application Cookies Are Expired
-
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.

If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Published: 2017/06/07, Modified: 2021/12/20
Plugin Output

tcp/443/www


The following cookies are expired :

Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :


Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
64.139.87.42
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 20:41:59 2023
End time: Wed Oct 25 21:19:24 2023
Host Information
DNS Name: 64-139-87-42-Hattiesburg.hfc.comcastbusiness.net
IP: 64.139.87.42
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


64.139.87.42 resolves as 64-139-87-42-Hattiesburg.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.017 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 20:42 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 64.139.87.42 :
192.168.100.162
192.168.100.1
64.139.87.42

Hop Count: 2
64.139.87.43
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 20:57:28 2023
End time: Wed Oct 25 21:34:33 2023
Host Information
DNS Name: 64-139-87-43-Hattiesburg.hfc.comcastbusiness.net
IP: 64.139.87.43
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


64.139.87.43 resolves as 64-139-87-43-Hattiesburg.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.765 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 20:57 CDT
Scan duration : 2212 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 64.139.87.43 :
192.168.100.162
192.168.100.1
64.139.87.43

Hop Count: 2
64.139.87.44
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 21:19:24 2023
End time: Wed Oct 25 21:42:27 2023
Host Information
DNS Name: 64-139-87-44-Hattiesburg.hfc.comcastbusiness.net
IP: 64.139.87.44
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


64.139.87.44 resolves as 64-139-87-44-Hattiesburg.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 4.504 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 21:19 CDT
Scan duration : 1370 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 64.139.87.44 :
192.168.100.162
192.168.100.1
64.139.87.44

Hop Count: 2
64.139.87.45
0
1
3
0
45
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 21:34:33 2023
End time: Wed Oct 25 22:21:43 2023
Host Information
DNS Name: 64-139-87-45-Hattiesburg.hfc.comcastbusiness.net
IP: 64.139.87.45
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2001/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/2002/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2001/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/2002/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


64.139.87.45 resolves as 64-139-87-45-Hattiesburg.hfc.comcastbusiness.net.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2001/www


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 02:57:26 GMT
Content-Length: 21
Connection: close

Response Body :

authorization failed

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2019/11/22
Plugin Output

tcp/2002/www


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 02:57:26 GMT
Content-Length: 21
Connection: close

Response Body :

authorization failed

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/555

Port 555/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/556

Port 556/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2001/www

Port 2001/tcp was found to be open

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/2002/www

Port 2002/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.077 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 21:34 CDT
Scan duration : 2816 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2001/www


This port supports TLSv1.3/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/2002/www


This port supports TLSv1.3/TLSv1.2.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2001/www


The host name known by Nessus is :

64-139-87-45-hattiesburg.hfc.comcastbusiness.net

The Common Name in the certificate is :

*.l.home.camect.com

The Subject Alternate Name in the certificate is :

*.l.home.camect.com

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/2002/www


The host name known by Nessus is :

64-139-87-45-hattiesburg.hfc.comcastbusiness.net

The Common Name in the certificate is :

*.l.home.camect.com

The Subject Alternate Name in the certificate is :

*.l.home.camect.com

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2001/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/2002/www


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2001/www


The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :

Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/2002/www


The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :

Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2001/www

Subject Name:

Common Name: *.l.home.camect.com

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73


Fingerprints :

SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/2002/www

Subject Name:

Common Name: *.l.home.camect.com

Issuer Name:

Country: US
Organization: Let's Encrypt
Common Name: R3

Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06

Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73


Fingerprints :

SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/2001/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.

Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
Published: 2016/12/08, Modified: 2022/10/12
Plugin Output

tcp/2002/www


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2001/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/2002/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2001/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/2002/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2001/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/2002/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/2001/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/2002/www


The following root Certification Authority certificate was found :

|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2001/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2023/07/10
Plugin Output

tcp/2002/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2001/www

A TLSv1.2 server answered on this port.

tcp/2001/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2023/07/10
Plugin Output

tcp/2002/www

A TLSv1.2 server answered on this port.

tcp/2002/www

A web server is running on this port through TLSv1.2.

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2001/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/2002/www

TLSv1.2 is enabled and the server supports at least one cipher.

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 64.139.87.45 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.86.240.134
68.86.241.106
96.110.133.118
75.64.4.148
64.139.87.45

Hop Count: 10
64.139.87.46
0
1
1
0
9
Critical
High
Medium
Low
Info
Scan Information
Start time: Wed Oct 25 21:42:27 2023
End time: Wed Oct 25 22:19:50 2023
Host Information
DNS Name: 64-139-87-46-Hattiesburg.hfc.comcastbusiness.net
IP: 64.139.87.46
OS: Nutanix
Vulnerabilities

35450 - DNS Server Spoofed Request Amplification DDoS
-
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
See Also
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
3.6
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output

udp/53/dns


The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.

If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.

If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.

If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See Also
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

If you are using another name server, consult its documentation.
Risk Factor
Medium
VPR Score
4.2
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Published: 2000/10/27, Modified: 2018/06/27
Plugin Output

udp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


64.139.87.46 resolves as 64-139-87-46-Hattiesburg.hfc.comcastbusiness.net.

11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2023/09/25
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2023/07/31
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 59.743 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 21:42 CDT
Scan duration : 2234 sec
Scan for malware : no
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2022/03/09
Plugin Output

tcp/0


Remote operating system : Nutanix
Confidence level : 70
Method : SinFP


The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/06/26
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.100.162 to 64.139.87.46 :
192.168.100.162
192.168.100.1
64.139.87.46

Hop Count: 2
© 2023 Tenable™, Inc. All rights reserved.